Bugtraq mailing list archives

Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS


From: mikehow () MICROSOFT COM (Michael Howard)
Date: Mon, 25 Jan 1999 10:08:30 -0800


We've always recommended people remove ALL samples from any production
server - incl. ExAir, WSH, and ADO samples etc.

Cheers, MH
IIS Security


-----Original Message-----
From: mnemonix [mailto:mnemonix () globalnet co uk]
Sent: Tuesday, January 26, 1999 8:36 AM
To: ntbugtraq () listserv ntbugtraq com
Cc: ntsecurity () iss net; bugtraq () netspace org
Subject: [NTSEC] IIS 4 Advisory - ExAir sample site DoS




This advisory is for those that have Internet Information Server 4 installed
with the IIS sample site "ExAir".

There are three Active Server Pages that, if called directly without the
default ExAir page and associated dlls ever having been loaded into the IIS
memory space, will hang and eventually time out after 90 secs - the default
script timeout period. Whilst in this state, processor usage increases to
100% and the server becomes very sluggish.

These pages are:
Exair - root/search/advsearch.asp
Exair - root/search/query.asp
Exair - root/search/search.asp

The Exair directory and all subdirectories should be deleted - they are not
needed.

NTInfoScan will check if your site is vulnerable to this problem. More
information about NTInfoScan can be found at
http://www.infowar.co.uk/mnemonix/ntinfoscan.htm

Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix
ps - apologies to the owner of the server.com domain.
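
An added example, not part of the original posts: a small scanner that flags requests for the three ExAir search pages named in the advisory in a W3C extended format web log, so an administrator can see whether they are being requested before or after the sample directory is removed. The directory prefix above "exair" is not given in the advisory, so the pattern accepts any prefix (an assumption), and the log lines are constructed sample data.

```python
import re
from collections import Counter

# The three pages named in the advisory. The path above "exair" is not
# stated there, so any leading directory is accepted (assumption).
EXAIR_PAGE = re.compile(
    r"(?:^|/)exair/search/(?:advsearch|query|search)\.asp$", re.IGNORECASE
)

# Constructed sample log in W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1999-01-26 08:40:01 192.0.2.10 GET /default.asp 200
1999-01-26 08:40:07 192.0.2.44 GET /samples/ExAir/search/query.asp 200
1999-01-26 08:40:09 192.0.2.44 GET /samples/exair/Search/advsearch.asp 200
1999-01-26 08:41:30 192.0.2.10 GET /samples/exair/default.asp 200
1999-01-26 08:41:55 192.0.2.77 GET /samples/exair/search/search.asp 200
"""


def find_exair_hits(log_text):
    """Return (timestamp, client_ip, uri) for each request to the three pages."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log and may change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        if EXAIR_PAGE.search(uri):
            stamp = f"{row.get('date', '')} {row.get('time', '')}".strip()
            hits.append((stamp, row.get("c-ip", "-"), uri))
    return hits


def hits_per_client(hits):
    """Count flagged requests per client address."""
    return Counter(ip for _, ip, _ in hits)


if __name__ == "__main__":
    found = find_exair_hits(SAMPLE_LOG)
    for stamp, ip, uri in found:
        print(stamp, ip, uri)
    print(dict(hits_per_client(found)))
```
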


