Microsoft's Internet Information Server's ASP Processor Can Be Crashed by Remote Users in Certain Situations
SecurityTracker Alert ID: 1001923
SecurityTracker URL: http://securitytracker.com/id/1001923
Date: Jul 5 2001
Denial of service via local system, Denial of service via network
Exploit Included: Yes
Version(s): IIS 4, 5
A vulnerability was reported in Microsoft Internet Information Server's ASP processor that allows remote users to cause the ASP processor to crash in certain situations.
NERF gr0up reported that opening and reading device files (e.g., com1, com2) using Scripting.FileSystemObject will crash the ASP processor (asp.dll).
A local user who has permission to create .asp files can create ASP pages that will cause the ASP processor to crash.
If an ASP script will read user-specified files, a remote user can pass a device name as a file parameter to cause the ASP processor to crash, using a request such as:
An exploit is included in the Source Message.
A local or remote user can cause the IIS ASP processor to crash, requiring the process to be restarted to return to normal operations.
No vendor solution was available at the time of this entry. Authors of ASP scripts can ensure that a file to be opened by Scripting.FileSystemObject is checked for existence before it is opened.
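One way a script author could screen a file parameter for the device names this alert mentions before any file-open call sees it. This is an added example, not code from the alert or from NERF gr0up. It is written in JavaScript rather than the advisory's VBScript, the helper names are hypothetical, and the reserved-name list is assumed from the Win32 file naming rules, going beyond the com1 and com2 cases named above.

```javascript
// Added example: reject Windows device names in a user-supplied file
// parameter before it is handed to a file-open call.

// Reserved device base names (assumed list from the Win32 naming rules).
var DEVICE_NAME = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])$/i;

// Returns the reason one path component is unsafe, or null if it is fine.
function deviceNameReason(component) {
  // Windows ignores trailing dots and spaces; "com1:" names the device too.
  var name = component.replace(/[. ]+$/, "").replace(/:$/, "");
  // "com1.txt" still resolves to the device, so compare the part
  // before the first dot, minus any spaces left in front of that dot.
  var base = name.split(".")[0].replace(/ +$/, "");
  if (DEVICE_NAME.test(base)) {
    return "reserved device name '" + base + "'";
  }
  return null;
}

// Hypothetical helper: validate the whole parameter, component by component,
// so "docs\aux" is caught as well as a bare "com1".
function checkFileParam(param) {
  if (typeof param !== "string" || param.length === 0) {
    return { ok: false, reason: "empty file parameter" };
  }
  var parts = param.split(/[\\\/]/);
  for (var i = 0; i < parts.length; i++) {
    var reason = deviceNameReason(parts[i]);
    if (reason) {
      return { ok: false, reason: reason };
    }
  }
  return { ok: true, reason: null };
}

// Constructed sample parameters, not taken from the advisory.
var SAMPLE_PARAMS = ["report.txt", "com1", "COM2.txt", "docs\\aux", "command.txt"];

// Returns only the sample parameters that must not reach the open call.
function rejectedSamples() {
  var rejected = [];
  for (var i = 0; i < SAMPLE_PARAMS.length; i++) {
    if (!checkFileParam(SAMPLE_PARAMS[i]).ok) {
      rejected.push(SAMPLE_PARAMS[i]);
    }
  }
  return rejected;
}
```

The check works on the string alone, so it runs before the file system is touched; an allow-list of expected file names is stricter still where the set of files is known.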
Vendor URL: www.microsoft.com/technet/security
Resource error, State error
Underlying OS: Windows (NT), Windows (2000)
Source Message Contents
Subject: NERF Advisory #4: MS IIS local and remote DoS
--== NERF gr0up security advisory #4 ==--
MS IIS local and remote DoS
1. Vulnerable soft: IIS 4,5
Opening and reading of device files (com1, com2, etc.) using Scripting.FileSystemObject will crash ASP-processor (asp.dll).
3. Local exploit:
If you have permission on creating .asp-file, you can crash ASP-processor.
4. Remote exploit:
Sometimes filename passing as asp-script param, which open and read data from file. Passing param as device file will
Fix Scripting.FileSystemObject (have to check file for existing before opening).
Dim strFileName, objFSO, objFile
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
strFileName = "com1"
Set objFile = objFSO.OpenTextFile(strFileName)
for poor english
Found by buggzy (email@example.com)
NERF Security gr0up (www.nerf.ru), Russia, 2001 (c)