Bugtraq mailing list archives
Re: http://www.news.com/News/Item/0,4,11759,00.html
From: raymond () THRIJSWIJK NL (Raymond Dijkxhoorn)
Date: Sat, 21 Jun 1997 15:01:19 +0200
Hi! A fix is out for the MS IIE bug... Read below: DOCUMENT:Q143484 [winnt] TITLE: Internet Information Server Denial Of Service Attack PRODUCT: Microsoft Windows NT PROD/VER:4.00 OPER/SYS:WINDOWS KEYWORDS:kbbug4.00 kbfile kbfix4.00 ------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 -------------------------------------------------------------------------- SYMPTOMS ========== Internet Information Server services are stopped and a Dr. Watson error is generated referencing the Inetinfo.exe process. CAUSE ====== The Internet Information Server services will stop when it receives a CGI request from a browser that contains between 4k to 8k chunk of data in the URL. STATUS ====== Microsoft has confirmed this to be a problem in Internet Information Server version 2.0 and 3.0 A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information. The fix is also available for download on the Internet at the following URL: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/ hotfixes-postSP3/iis-fix Additional query words: 4.00 iis ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Bye, Raymond.
Current thread:
- Re: Netscape Admin Servers /tmp/deamonstat Matthew Archibald (Jun 17)
- Re: Netscape Admin Servers /tmp/deamonstat Joe Zbiciak (Jun 17)
- Solaris 2.5.1 party piece Alan Cox (Jun 19)
- Core file anomalies under BSDi 3.0 Nir Soffer (Jun 19)
- Re: Core file anomalies under BSDi 3.0 Theo de Raadt (Jun 20)
- Re: Core file anomalies under BSDi 3.0 Ariel Biener (Jun 20)
- http://www.news.com/News/Item/0,4,11759,00.html Aleph One (Jun 20)
- Re: http://www.news.com/News/Item/0,4,11759,00.html Raymond Dijkxhoorn (Jun 21)
- Re: Core file anomalies under BSDi 3.0 Stacey Son (Jun 20)
- Core file anomalies under BSDi 3.0 Nir Soffer (Jun 19)
- /cgi-bin/handler - more notes Razvan Dragomirescu (Jun 19)
- Re: Solaris 2.5.1 party piece Doug Hughes (Jun 19)
- Re: Solaris 2.5.1 party piece Bojan Zdrnja (Jun 20)
- Re: Solaris 2.5.1 party piece Joe Gross (Jun 20)
- <Possible follow-ups>
- Re: Netscape Admin Servers /tmp/deamonstat Corinne Posse (Jun 17)
- Re: Netscape Admin Servers /tmp/deamonstat Valdis.Kletnieks () VT EDU (Jun 18)
- Re: your mail J. Joseph Max Katz (Jun 18)
- Re: your mail yeti (Jun 19)
- WE FOUND IT! (fwd) Jason R Mastaler (Jun 18)
- Re: Netscape Admin Servers /tmp/deamonstat Valdis.Kletnieks () VT EDU (Jun 18)