RE: OWA over ssl shutting down IIS

From: Mihai PETROV (mihai.petrovat_private)
Date: Thu Aug 23 2001 - 02:47:17 PDT


    I have reached a different result:
    
    After entering the %'s, the OWA site returns HTTP 500 - Internal server
    error. However, IIS is up and running, other sites work OK.
    It seems that the leak is in the Exchange OWA script (ISAPI?) rather than in
    IIS.
    OWA still not working after restarting IIS.
    
    Exchange 5.5 SP4, NT4 SP6 w/o rollup package
    
    Mihai PETROV
    
    > -----Original Message-----
    > From: Andrew McQueen [mailto:amcqueenat_private]
    > Sent: Thursday, August 23, 2001 1:22 AM
    > To: 'bugtraqat_private'
    > Subject: OWA over ssl shutting down IIS
    > 
    > 
    > Here is a copy of postings I posted to the iis security forum 
    > 
    > I have just found this bug with our IIS 4 server and OWA 
    > The server is SP6a with the hotfix roll up applied and also 
    > the 128 bit 
    > ssl upgrade OWA is running across 128 bit ssl 
    > 
    > I log onto OWA with an extra long user name of % characters 
    > ie %%%%%%%%% 
    > (at least 30 times)
    > I then receive the NT username and password box if I then 
    > fill both of 
    > these with the same characters and hit return till the page 
    > times out. 
    > 
    > The result ends up with world wide web publishing service is stopped 
    > And IIS admin service stopped 
    > 
    > 
    > exchange 5.5 sp4 
    > The iis server is separate to the exchange server 
    > I will be able to give more specific info tomorrow! 
    > ie event logs, specific service packs etc 
    > I have replicated this problem 5 times now and not once has 
    > it failed to 
    > work. 
    > Is this a known problem and if not could it be exploited 
    > (apart from DOS) 
    >  
    > Andy Mcqueen (sorry about the footer it is a legal firm and 
    > is compulsory) 
    > 
    


