lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060322021840.96F3910F5@lists.grok.org.uk>
Date: Wed Mar 22 02:18:47 2006
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: w3wp remote DoS

 
Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
===========================================================================

Vendor: Microsoft Corporation
MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info:
IIS Worker Process (w3wp)

I. BACKGROUND
Early last year while I was trying out few canonicalization attacks on sites
running asp.net applications, I came across an un-expected remote DoS
against the worker process (i.e. w3wp). As the frequency of success was
*random*, I didn't took much interest in it. However during one more test in
my home lab, I was able to reproduce the same w3wp crash again (almost with
7 out of 10 success ratio) which is why I thought of debugging and
investigating more on this issue.

After working for more than one month with Microsoft (MSRC) on this issue,
it is finally concluded that the crash can occur un-expectedly and is due to
improper reference of COM or COM+ in the asp.net applications. Often
developers forget to use the AspCompat directive which is required while
referencing COM components in ASP.NET. Below are the links which provides
the insight on the appropriate usage of AspCompat :
http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/
dbgch04.asp


II.	PROOF-OF-CONCEPT
The exploit code and the PoC details can be downloaded from the following
link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Regards,
Debasis Mohanty




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ