SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  ASP.NET Vendors:  Microsoft
Microsoft ASP.NET Incorrect COM Component Reference Lets Remote Users Deny Service
SecurityTracker Alert ID:  1015825
SecurityTracker URL:  http://securitytracker.com/id?1015825
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 24 2006
Impact:  Denial of service via network
Vendor Confirmed:  Yes  
Description:  A vulnerability was reported in Microsoft ASP.NET. A remote user can cause denial of service conditions.

A remote user can send specially crafted requests to the target system to improperly reference COM and COM+ objects within the target application. This may cause the 'w3wp.exe' worker process to crash.

A demonstration exploit is available at:

http://hackingspirits.com/vuln-rnd/vuln-rnd.html

De basis Mohanty discovered this vulnerability.
Impact:  A remote user can cause the 'w3wp.exe' worker process to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:  State error
Underlying OS:  Windows (Any)
Reported By:  "Debasis Mohanty" <debasis@hackingspirits.com>
Message History:   None.

 Source Message Contents
Date:  Wed, 22 Mar 2006 07:50:53 +0530
From:  "Debasis Mohanty" <debasis@hackingspirits.com>
Subject:  w3wp remote DoS

 
Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
===========================================================================

Vendor: Microsoft Corporation
MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info:
IIS Worker Process (w3wp)

I. BACKGROUND
Early last year while I was trying out few canonicalization attacks on sites
running asp.net applications, I came across an un-expected remote DoS
against the worker process (i.e. w3wp). As the frequency of success was
*random*, I didn't took much interest in it. However during one more test in
my home lab, I was able to reproduce the same w3wp crash again (almost with
7 out of 10 success ratio) which is why I thought of debugging and
investigating more on this issue.

After working for more than one month with Microsoft (MSRC) on this issue,
it is finally concluded that the crash can occur un-expectedly and is due to
improper reference of COM or COM+ in the asp.net applications. Often
developers forget to use the AspCompat directive which is required while
referencing COM components in ASP.NET. Below are the links which provides
the insight on the appropriate usage of AspCompat :
http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/
dbgch04.asp


II.	PROOF-OF-CONCEPT
The exploit code and the PoC details can be downloaded from the following
link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Regards,
Debasis Mohanty


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC