Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

def-2001-04: Netscape Enterprise Server Dot-DoS

From: Peter Gründl <peter.grundl () DEFCOM COM>
Date: Mon, 22 Jan 2001 13:28:37 +0100
======================================================================
                  Defcom Labs Advisory def-2001-04

                 Netscape Enterprise Server Dot-DoS

Author: Peter Gründl <peter.grundl () defcom com>
Release Date: 2001-01-22
======================================================================
------------------------=[Brief Description]=-------------------------
The Netscape Enterprise Server 4.1, SP5 has a problem dealing with
dotdot-URLs. The problem can result in the service crashing.

------------------------=[Affected Systems]=--------------------------
- Netscape Enterprise Server 4.1, SP5 for Windows NT 4.0

----------------------=[Detailed Description]=------------------------
If a GET request is performed which includes at least 1344 x /../, the
web service will crash. This goes for both the normal HTTP service and
the admin service. The crash has to be performed twice, since NES will
reestablish the service the first time it crashes.

---------------------------=[Workaround]=-----------------------------
None known. We've only come across this bug on 4.1, SP5, but would not
rule out the possibility of it existing in other versions.

-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 7th of
December, 2000. Vendor replied on the 22nd of January, 2001 and has
been unable to reproduce the bug:

"I've used their perl script to abuse an iWS4.1sp5 server. The server
does not crash, politetly returns errors to the client, and logs
errors.

However, given the announcement on the Iplanet Web site regarding iWS
stability I would recommend they upgrade to SP6, URL given below.

http://www.iplanet.com/support/iws-alert/index.html";

According to the URL supplied by Netscape, there is no SP6 for IWS4.1,
so it is adviced that people try this out for themselves to determine
if they are vulnerable. It was found on Windows NT 4.0, with SP6a.

======================================================================
            This release was brought to you by Defcom Labs

              labs () defcom com             www.defcom.com
======================================================================
Previous By Date Next
Previous By Thread Next

Current thread: