Re: IIS Vulnerability Content-Type overflow

From: Syzop (syzat_private)
Date: Tue Dec 03 2002 - 14:48:40 PST

Next message: Romulo M. Cholewa: "RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3]"

Previous message: Gustaf Josefsson: "Local DOS in MacOS X"
In reply to: at4r: "IIS Vulnerability Content-Type overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

at4r wrote:
> while testing a few days ago how to reproduce the lastest mdac rds
> vulnerability i found that a specially malformed http request to an IIS
> Webserver can allow a buffer overflow.

* I don't see a crash
* I don't see "big CPU consume". If I flood with this at 2.8MB/s (!)
   I get ~25% CPU usage @ AMD 1800+.
* You can get the same thing with: perl -e 'print "A"x200000'|nc <IP> 80

Cya,

	Bram Matthys (Syzop).

Next message: Romulo M. Cholewa: "RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3]"
Previous message: Gustaf Josefsson: "Local DOS in MacOS X"
In reply to: at4r: "IIS Vulnerability Content-Type overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 20:40:22 PST