Defcom Labs Advisory def-2001-04 - The Netscape Enterprise Server 4.1, SP5 has a problem dealing with dotdot-URLs which allows remote users to crash the server.
768d61483abe30a51ab1cd66b87cfae17257c72ec3296e35a6747a6f502c5357======================================================================
Defcom Labs Advisory def-2001-04
Netscape Enterprise Server Dot-DoS
Author: Peter Gründl <peter.grundl@defcom.com>
Release Date: 2001-01-22
======================================================================
------------------------=[Brief Description]=-------------------------
The Netscape Enterprise Server 4.1, SP5 has a problem dealing with
dotdot-URLs. The problem can result in the service crashing.
------------------------=[Affected Systems]=--------------------------
- Netscape Enterprise Server 4.1, SP5 for Windows NT 4.0
----------------------=[Detailed Description]=------------------------
If a GET request is performed which includes at least 1344 x /../, the
web service will crash. This goes for both the normal HTTP service and
the admin service. The crash has to be performed twice, since NES will
reestablish the service the first time it crashes.
---------------------------=[Workaround]=-----------------------------
None known. We've only come across this bug on 4.1, SP5, but would not
rule out the possibility of it existing in other versions.
-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 7th of
December, 2000. Vendor replied on the 22nd of January, 2001 and has
been unable to reproduce the bug:
"I've used their perl script to abuse an iWS4.1sp5 server. The server
does not crash, politetly returns errors to the client, and logs
errors.
However, given the announcement on the Iplanet Web site regarding iWS
stability I would recommend they upgrade to SP6, URL given below.
http://www.iplanet.com/support/iws-alert/index.html"
According to the URL supplied by Netscape, there is no SP6 for IWS4.1,
so it is adviced that people try this out for themselves to determine
if they are vulnerable. It was found on Windows NT 4.0, with SP6a.
======================================================================
This release was brought to you by Defcom Labs
labs@defcom.com www.defcom.com
======================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed