IIS 4 Advisory - ExAir sample site DoS

[mnemonix () GLOBALNET CO UK (mnemonix)]

This advisory is for those that have Internet Information Server 4 installed
with the IIS sample site "ExAir".

There are three Active Server Pages that, if called directly without the
default ExAir page and associated dlls ever having been loaded into the IIS
memory space, will hang and eventually time out after 90 secs - the default
script timeout period. Whilst in this state, processor usage increases to
100% and the server becomes very sluggish.

These pages are:
Exair - root/search/advsearch.asp
Exair - root/search/query.asp
Exair -root/search/search.asp

The Exair directory and all subdirectories should be deleted - they are not
needed.

NTInfoScan will check if your site is vulnerable to this problem. More
information about NTInfoScan can be found at
http://www.infowar.co.uk/mnemonix/ntinfoscan.htm

Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix
ps - apologies to the owner of the server.com domain.