exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Internet Security Systems Security Alert May 2, 2001

Internet Security Systems Security Alert May 2, 2001
Posted May 3, 2001
Site xforce.iss.net

ISS X-Force is aware of a vulnerability that can be used to attack Microsoft Internet Information Server (IIS). This vulnerability may allow an attacker to compromise a host running a vulnerable version of IIS. The compromise may lead to Web page defacement and theft of sensitive or confidential information. In addition, this vulnerability can be used in conjunction with other exploits to further compromise affected systems.

tags | remote
systems | windows
SHA-256 | 775b962801b88729d6a6728a04293da2e67437ad128f3b5ef34731e52f9cb69e

Internet Security Systems Security Alert May 2, 2001

Change Mirror Download

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert
May 2, 2001

Remote IIS ISAPI Printer Extension Buffer Overflow

Synopsis:

ISS X-Force is aware of a vulnerability that can be used to attack Microsoft
Internet Information Server (IIS). This vulnerability may allow an attacker to
compromise a host running a vulnerable version of IIS. The compromise may lead
to Web page defacement and theft of sensitive or confidential information. In
addition, this vulnerability can be used in conjunction with other exploits to
further compromise affected systems.

Description:

The vulnerable ISAPI printer extension is included with Windows 2000, but it
can be accessed only through IIS 5.0. This functionality is included in default
IIS installations that have not been hardened and introduces the ability to
submit, cancel, or control print jobs over the web.

The IIS ISAPI printer extension vulnerability exists due to a buffer overflow
condition within the ISAPI extension. This vulnerability is particularly
dangerous because attackers may exploit this condition via default HTTP
listening ports on port 80 and 443.

After this vulnerability has been exploited, an attacker has the ability to
execute commands under the "SYSTEM" security context, allowing unrestricted
access to the target machine and all its contents.

Affected Versions:

Microsoft Windows IIS 5.0 running on:

Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server

Recommendations:

With the release of this exploit information, ISS X-Force urges all
administrators to move quickly to protect themselves from this vulnerability.
Microsoft has made patches available for this vulnerability.

For Microsoft Windows 2000 Server and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321

For Microsoft Windows 2000 Datacenter Server:
Patches for Windows 2000 Datacenter Server are hardware-specific and available
from the original equipment manufacturer.

For more information on this vulnerability please refer to the Microsoft
Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp

ISS X-Force recommends the application of the available patch immediately.

ISS RealSecure Intrusion Detection customers may use one of the following
user-defined signatures to detect exploitation attempts. Follow the
instructions below to apply the user-defined signature to your policy.

- From the Sensor window:
1. Right-click on the sensor and select 'Properties'.
2. Choose a policy you want to use, and click 'Customize'.
3. Select the 'User Defined Events' tab.
4. Click 'Add' on the right hand side of the dialog box.
5. Create a User Defined Event
6. Type in a name of the event, such as 'IIS ISAPI Printer Extension BO'
7. In the 'Context' field for each event, select 'URL_Data'. In the 'String'
field, type the following string if Internet Printing Protocol (IPP)
is not implemented:
\.printer$
If IPP is implemented, type the following string for the event:
null\.printer
9. Click 'Save', and then 'Close'.
10. Click 'Apply to Sensor' or 'Apply to Engine', depending on the version of
RealSecure you are using.


For additional information about this vulnerability, please reference:

http://www.eeye.com/html/Research/Advisories/AD20010501.html

_____

About Internet Security Systems (ISS)

Internet Security Systems is a leading global provider of security management
solutions for the Internet, protecting digital assets and ensuring safe and
uninterrupted e-business. With its industry-leading intrusion detection and
vulnerability assessment software, remote managed security services, and
strategic consulting and education offerings, ISS is a trusted security provider
to more than 8,000 customers worldwide including 21 of the 25 largest U.S.
commercial banks and the top 10 U.S. telecommunications companies. Founded in
1994, ISS is headquartered in Atlanta, GA, with additional offices throughout
North America and international operations in Asia, Australia, Europe, Latin
America and the Middle East. For more information, visit the Internet Security
Systems web site at www.iss.net or call 888-901-7477.


Copyright (c) 2001 Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent of
the X-Force. If you wish to reprint the whole or any part of this Alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.


X-Force PGP Key available at: http://xforce.iss.net/sensitive.php
as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOvCDFDRfJiV99eG9AQFwtwQAp+lIhjW5IjEefirtobD39iFVKKtHEu7u
C0dcW3ca6gf0iC2LaxwOzY973SqQqeQUOpm23ZFFg6U6VdytPsvlH7/g/mETEHxk
TQyjNXH3pakHh9w4F2koxtnVn+mEVN52GTEhXeHS7XkXR3jzyOv97c8+/yAqSS8q
5Z5LF0rrA9A=
=LvI2
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close