Screaming Penguin - Source Does Matter

The latest IIS exploit. Malformed HTTP headers can consume all memory on the server causing denial of service. Check the release.The following is a Security Bulletin from the Microsoft Product Security Notification Service. Microsoft Security Bulletin (MS99-029) --------------------------------------Patch Available for "Malformed HTTP Request Header" VulnerabilityOriginally Posted: August 11, 1999Summary=======Microsoft has released a patch that eliminates a vulnerability in web server products that use Microsoft(r) Internet Information Server 4.0 as their web engine. The vulnerability could be used to mount denial of service attacks against the web server. Frequently asked questions regarding this vulnerability can be found at Ms Security Bulletin MS99-029Issue=====If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server. If thishappens, IIS would be unable to service requests until either the clientsthat issued the requests were closed, or the IIS service were stopped andrestarted. Once either of these actions have occurred, normal service wouldbe restored.Affected Software Versions==========================- Microsoft Internet Information Server 4.0- Microsoft Site Server 3.0- Microsoft Site Server 3.0, Commerce Edition- Microsoft Commerce Internet Server 2.0 and 2.5BR>Patch Availability==================- X86 version:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/hdbrk-fix/x86- Alpha version:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/hdbrk-fix/alphaHere we go again, hotfixin.