GEN:SID | 1:1618 |
Message | WEB-IIS .asp chunked Transfer-Encoding |
Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with chunked encoding processing of Active Server Pages (ASP) in Internet Information Services (IIS).
|
Impact | Remote Access. If the exploit is successful, an attacker can gain remote access to the target host.
|
Detailed Information | A buffer overflow exists in the chunked encoding processing associated with ASP in IIS. Chunked encoding allows differently sized chunks of data to be passed from the web client to the server. A heap overflow vulnerability exists because of an error in chunked encoding data transfer in the Internet Services Application Programming Interface (ISAPI) extension that implements ASP.
|
Affected Systems | Microsoft IIS 4.0; Cisco Building Broadband Service Manager 5.0; Cisco Call Manager 1.0, 2.0, 3.0; Cisco ICS 7750; Cisco IP/VC 3540; Cisco Unity Server 2.0, 2.2, 2.3, 2.4; Cisco uOne 1.0, 2.0, 3.0, 4.0; Microsoft BackOffice 4.0, 4.5; Microsoft Windows NT 4.0 Option Pack;
Microsoft IIS 5.0; Microsoft Windows 2000 Advanced Server, SP1, SP2; Microsoft Windows 2000 Datacenter Server SP1, SP2; Microsoft Windows 2000 Professional, SP1, SP2; Microsoft Windows 2000 Server, SP1, SP2
|
Attack Scenarios | An attacker can craft a chunked-encoded request to exploit the heap overflow.
|
Ease of Attack | Easy. Exploit code is freely available.
|
Corrective Action | Apply the cumulative patch Q319733.
|
Additional References | CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Bugtraq: http://www.securityfocus.com/bid/4485
Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp
|
Rule References | bugtraq: 4474
bugtraq: 4485
cve: 2002-0071
cve: 2002-0079
nessus: 10932
|
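
The condition named in the event message (a request for an .asp resource that declares chunked transfer encoding) can be checked in captured HTTP traffic as sketched below. This is an added example, not the Snort rule or any code from the rule's authors; the function names, the path-matching choice and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Path segment ending in ".asp", case-insensitive (matching choice of this example).
ASP_PATH = re.compile(r"\.asp(?:/|$)", re.IGNORECASE)

def parse_request_head(raw: bytes):
    """Return (method, target, headers) for a raw HTTP/1.x request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "name: value"
            headers.append((name.strip().lower(), value.strip()))
    return parts[0], parts[1], headers

def is_asp_chunked(raw: bytes) -> bool:
    """True when the request targets an .asp path and lists the chunked coding."""
    parsed = parse_request_head(raw)
    if parsed is None:
        return False
    _method, target, headers = parsed
    # Drop the query string and undo percent-encoding before matching the path.
    path = unquote(urlsplit(target).path)
    codings = [tok.strip().lower()
               for name, value in headers if name == "transfer-encoding"
               for tok in value.split(",")]
    return bool(ASP_PATH.search(path)) and "chunked" in codings

# Constructed sample requests (hypothetical host and paths).
HOST = b"Host: www.example.test\r\n"
SAMPLES = {
    "asp_chunked": b"POST /default.asp HTTP/1.1\r\n" + HOST
                   + b"Transfer-Encoding: chunked\r\n\r\n4\r\ntest\r\n0\r\n\r\n",
    "asp_length": b"POST /default.asp HTTP/1.1\r\n" + HOST
                  + b"Content-Length: 4\r\n\r\ntest",
    "cgi_chunked": b"POST /upload.cgi HTTP/1.1\r\n" + HOST
                   + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "asp_mixed_case": b"POST /Default%2EASP?id=1 HTTP/1.1\r\n" + HOST
                      + b"transfer-encoding: gzip, Chunked\r\n\r\n0\r\n\r\n",
}

def scan(samples):
    """Names of the samples that would be flagged, in input order."""
    return [name for name, raw in samples.items() if is_asp_chunked(raw)]
```

A match only shows that the request has the shape the event describes; whether the host is at risk depends on the patch status given under Corrective Action.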