iis_webdav_lock_memory_leak.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Gregory Duchemin <plugin@intranode.com>
#
# See the Nessus Scripts License for details
#
#
# Title: WebDab Extensions Memory Leakage in IIS5/Win2K using LOCK Method.
#
#
#

#### REGISTER SECTION ####

if(description)
{
 script_id(10732);
 script_bugtraq_id(2736);

 script_version ("$Revision: 38 $");


#Name used in the client window.

name["english"] = "IIS 5.0 WebDav Memory Leakage";
name["francais"] = "IIS 5.0 WebDav, fuites de memoire.";
script_name(english:name["english"], francais:name["francais"]);


#Description appearing in the Nessus client window when clicking on the name.

desc["english"]="
The WebDav extensions (httpext.dll) for Internet Information
Server 5.0 contains a flaw that may allow a malicious user to
consume all available memory on the target server by sending 
many requests using the LOCK method associated to a non 
existing filename.
 
This concern not only IIS but the entire system since the flaw can 
potentially exhausts all system memory available.

Vulnerable systems: IIS 5.0 ( httpext.dll versions prior to 0.9.3940.21 )

Immune systems: IIS 5 SP2( httpext.dll version 0.9.3940.21)

Solution: Download Service Pack 2/hotfixes from Microsoft web
at http://windowsupdate.microsoft.com

Risk factor : High";



desc["francais"]="
Les extensions WebDav de IIS 5.0 comporte des fuites de m閙oire qui 
permettent