DoS Caused By Re-Released Malformed Header Patch

From: Michael Brennen (mbrennenat_private)
Date: Sat Aug 21 1999 - 02:07:24 PDT


    I just had a 'patch event' applying the re-released malformed header
    patch.  I went through the Microsoft security bulletins and carefully
    checked the dates before downloading and applying the patch. I did not
    apply the first release of the patch before applying the updated one.
    This is on an NT 4.0 SP5 system.
    
    The re-released patch itself caused a very effective denial of
    service.  Once applied, the Web server would no longer serve pages;
    the browser hung with the message 'Host www.....com contacted; Waiting
    for reply....'.  Reapplying SP5 corrected the problem.
    
    I repeated the procedure, applying the patch after reapplying SP5; the
    DoS repeated after applying the malformed header patch.  Reapplying
    SP5 repaired the patch.  The event logs did not report anything out of
    the ordinary.
    
    I do not know if others are seeing this, but it seemed worth
    reporting.  Before you attempt this patch, make sure you have SP5
    available in case you need it to recover.
    
       Michael Brennen
       President, FishNet(R), Inc.
       (972) 669-0041
    


