Microsoft IIS ASP Chunked Encoding Variant Heap Overflow

2002-04-10T00:00:00
ID OSVDB:3301
Type osvdb
Reporter OSVDB
Modified 2002-04-10T00:00:00

Description

Vulnerability Description

A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate the proper size buffer resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

This bug is almost exactly like OSVDB ID#768, except that it is caused by a different component of the ASP data transfer process and does affect IIS version 5.1.

Solution Description

Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):

  1. Disable ASP - Version 1.0 of the IIS Lockdown Tool disables ASP by default, and version 2.1 disables ASP if "Static Web Server" is selected.

  2. The URLScan tool can be used to prevent chunked encoding requests.

Short Description

A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate the proper size buffer resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Solution URL: http://www.microsoft.com/technet/security/tools/locktool.asp Vendor Specific Solution URL: http://www.microsoft.com/downloads/search.asp?Search=Keyword&Value='security_patch'&OpSysID=1 Vendor Specific Advisory URL Related OSVDB ID: 768 Other Advisory URL: http://www.nipc.gov/warnings/advisories/2002/02-002.htm Other Advisory URL: http://archives.neohapsis.com/archives/sans/2002/0046.html Other Advisory URL: http://www.iss.net/security_center/alerts/advise114.php Microsoft Security Bulletin: MS02-018 ISS X-Force ID: 8796 CVE-2002-0147 CIAC Advisory: m-066 CERT VU: 669779 CERT: CA-2002-09 Bugtraq ID: 4490