Microsoft IIS ASP Chunked Encoding Heap Overflow

2002-04-10T00:00:00
ID OSVDB:768
Type osvdb
Reporter OSVDB
Modified 2002-04-10T00:00:00

Description

Vulnerability Description

A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate a buffer of the proper size, resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

This bug is almost exactly like OSVDB ID#3301, except that it is caused by a different component of the ASP data transfer process and does not affect IIS version 5.1. Also, the URLScan tool can be used to mitigate this bug, but cannot be used for OSVDB ID#3301.

Solution Description

Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:

  1. Disable ASP - Version 1.0 of the IIS Lockdown Tool disables ASP by default, and version 2.1 disables ASP if "Static Web Server" is selected.

  2. The URLScan tool can be configured to block chunked encoding requests.
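An added example, not part of the original entry or of Microsoft's tooling: a small audit that checks whether a URLScan.ini applies workaround 2 by listing `Transfer-Encoding:` under `[DenyHeaders]`. The two sample configurations are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configurations (not taken from a real server).
WEAK_INI = """\
[options]
UseAllowVerbs=1

[DenyHeaders]
Translate:
If:
; Transfer-Encoding:   ; commented out, so chunked requests still pass
"""

HARDENED_INI = """\
[options]
UseAllowVerbs=1

[DenyHeaders]
Translate:
If:
transfer-encoding:
"""

def parse_urlscan_ini(text):
    """Parse URLScan.ini-style text into {section_name_lowercase: [entries]}.

    Sections hold either key=value lines or bare list entries;
    ';' starts a comment that runs to the end of the line.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def blocks_chunked_encoding(text):
    """True if [DenyHeaders] lists Transfer-Encoding (name compared case-insensitively)."""
    denied = parse_urlscan_ini(text).get("denyheaders", [])
    return any(h.rstrip(":").strip().lower() == "transfer-encoding" for h in denied)
```

Run it against each server's URLScan.ini after deployment; a commented-out entry, as in the weak sample, is reported as not blocking.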

References:

Vendor Specific Solution URL: http://www.microsoft.com/technet/security/tools/locktool.asp
Vendor Specific Solution URL: http://www.microsoft.com/downloads/search.asp?Search=Keyword&Value='security_patch'&OpSysID=1
Vendor Specific Solution URL: http://www.microsoft.com/technet/security/URLScan.asp
Vendor Specific Advisory URL
Snort Signature ID: 1618
Related OSVDB ID: 3301
Other Advisory URL: http://www.eeye.com/html/Research/Advisories/AD20020410.html
Other Advisory URL: http://www.nipc.gov/warnings/advisories/2002/02-002.htm
Other Advisory URL: http://www.iss.net/security_center/alerts/advise114.php
Other Advisory URL: http://www.securiteam.com/windowsntfocus/5SP0F006UA.html
Nessus Plugin ID: 10935
Microsoft Security Bulletin: MS02-018
Microsoft Knowledge Base Article: 319688
Microsoft Knowledge Base Article: 319733
ISS X-Force ID: 8795
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2002-05/0023.html
CVE-2002-0079
CIAC Advisory: M-066
CERT VU: 610291
CERT: CA-2002-09
Bugtraq ID: 4485