Anyone ever noticed this error message "The data area
passed to a system call is too small." with Microsoft
IIS when using Basic authentication? Here's some
details on how to reproduce this,
Operating system: Windows 2000 server, service pack4
(Running all the latest patches)
Software: Microsoft IIS 5 (Running all the latest
patches), Internet Explorer 6.0 service pack1
Steps to reproduce the problem,
1) Create a virtual directory in IIS, create a
default.html page under the virtual directory, enable
default document for the directory and set the default
page to default.html Set the authentication mechanism
to "Basic authentication" (uncheck all other forms of
authentication)
2) Try to access the above site using internet
explorer, an authentication dialog will pop up. In the
username and password text fields, copy and paste some
huge amount of data, the site reports an error "The
data area passed to a system call is too small."
My question, is the above thing a known issue and is
it exploitable (could it result in a stack or heap
buffer overflow?)
I tested this on a secure test web site. Any thoughts
on this?
Thanks,
Randhir V.
=====
"If you can imagine it, you can achieve it; if you can dream it, you can become it."
(William Arthur Ward)
Received on May 08 2004
Intro
