COMMAND

    IIS

SYSTEMS AFFECTED

    IIS 4.0 (German)

PROBLEM

    Marc Ruef found the following: a new method of launching a
    denial-of-service attack against a Windows NT system that uses
    IIS 4.0 to provide a service over HTTP.

    If you send an uninteresting Win32 binary file with the well-known
    iishack utility by the eEye Digital Security Team over port 80 to
    a target that runs the German version of the web server, the web
    server crashes and closes port 80 (HTTP). Only a reboot restarts
    the service correctly.

    A lot of German web pages with a lot of traffic are vulnerable to
    this attack. One good example is the official homepage of one of
    the biggest travel agencies here in Switzerland.

SOLUTION

    Nothing yet.