Signature Detail

HTTP: IIS ASP Chunked Encoding Buffer Overflow

This signature detects attempts to exploit a known vulnerability against the chunked encoding transfer mechanism in Microsoft IIS 4.0 and 5.0. Attackers can send a maliciously crafted HTTP request for an Active Server Page (.asp) to execute arbitrary commands with system privileges.

Extended Description

A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0 and IIS 5.0. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. Microsoft IIS 5.0 is reported to ship with a default script (iisstart.asp) which may be sufficient for a remote attacker to exploit. Other sample scripts may also be exploitable. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.

Affected Products

• Cisco Building Broadband Service Manager (BBSM) 4.0.1
• Cisco Building Broadband Service Manager (BBSM) 4.2.0
• Cisco Building Broadband Service Manager (BBSM) 4.3.0
• Cisco Building Broadband Service Manager (BBSM) 4.4.0
• Cisco Building Broadband Service Manager (BBSM) 4.5.0
• Cisco Building Broadband Service Manager (BBSM) 5.0.0
• Cisco Building Broadband Service Manager (BBSM) 5.1.0
• Cisco Call Manager 3.0.0
• Cisco Call Manager 3.1.0
• Cisco Call Manager 3.2.0
• Cisco Unity Server 2.0.0
• Cisco Unity Server 2.1.0
• Cisco Unity Server 2.2.0
• Cisco Unity Server 2.3.0
• Cisco Unity Server 2.4.0
• Microsoft IIS 4.0
• Microsoft IIS 5.0

References

• BugTraq: 4485
• CERT: CA-2002-09
• CVE: CVE-2002-0079
• URL: http://www.kb.cert.org/vuls/id/610291