Thread: ISS vulnerabilities

  1. #1
    Senior since the 3 dot era
    Join Date
    Nov 2001

    IIS vulnerabilities

    New vulnerabilities were discovered (April 11th 2002). All customers using M$ IIS on NT 4.0 / Win 2K and Win XP systems should consider reading the following info and applying the patches or solutions mentioned.

    source: www.securityspace.com

    Title: MS FTPd DoS
    ID: 10934
    Category: FTP
    URL: http://www.securityspace.com/smysecu....html?id=10934
    Summary: Checks if the remote ftp can be crashed
    It was possible to make the remote FTP server crash
    by sending the command 'STAT *?AAAAA....AAAAA'

    An attacker may use this flaw to prevent your FTP server
    from working properly

    Solution : see
    Risk factor : Medium

    Title: IIS XSS via 404 error
    ID: 10936
    Category: CGI abuses
    URL: http://www.securityspace.com/smysecu....html?id=10936
    Summary: Tests for IIS XSS via 404 errors
    This IIS Server appears to be vulnerable to one of the cross site scripting
    attacks described in MS02-018. The default '404' file returned by IIS uses
    scripting to output a link to top level domain part of the url requested.
    By crafting a particular URL it is possible to insert arbitrary script into
    the page for execution.

    The presence of this vulnerability also indicates that you are vulnerable to
    the other issues identified in MS02-018 (various remote buffer overflow and
    cross site scripting attacks...)


    Risk factor : Medium

    Title: IIS .HTR ISAPI filter applied
    ID: 10932
    Category: CGI abuses
    URL: http://www.securityspace.com/smysecu....html?id=10932
    Summary: Tests for IIS .htr ISAPI filter
    The IIS server appears to have the .HTR ISAPI filter mapped.

    At least one remote vulnerability has been discovered for the .HTR
    filter. This is detailed in Microsoft Advisory
    MS02-018, and gives remote SYSTEM level access to the web server.

    It is recommended that even if you have patched this vulnerability that
    you unmap the .HTR extension, and any other unused ISAPI extensions
    if they are not required for the operation of your site.

    To unmap the .HTR extension:
    1. Open Internet Services Manager.
    2. Right-click the Web server and choose Properties from the context menu.
    3. Master Properties
    4. Select WWW Service -> Edit -> HomeDirectory -> Configuration
       and remove the reference to .htr from the list.

    Risk factor : High

    Title: IIS FrontPage ISAPI Denial of Service
    ID: 10937
    Category: Denial of Service
    URL: http://www.securityspace.com/smysecu....html?id=10937
    Summary: Tests for a DoS in IIS
    There's a denial of service vulnerability on the remote host
    in the Front Page ISAPI filter.

    An attacker may use this flaw to prevent the remote service
    from working properly.

    Solution: See http://www.microsoft.com/technet/sec...n/ms02-018.asp
    Risk factor : Medium

    Title: IIS ASP ISAPI filter Overflow
    ID: 10935
    Category: Gain root remotely
    URL: http://www.securityspace.com/smysecu....html?id=10935
    Summary: Tests for a remote buffer overflow in IIS
    There's a buffer overflow in the remote web server through
    the ASP ISAPI filter.

    It is possible to overflow the remote web server and execute
    commands as user SYSTEM.

    Solution: See http://www.microsoft.com/technet/sec...n/ms02-018.asp
    Risk factor : High
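
The advice in the post above to unmap .HTR and any other unused ISAPI extensions can be checked against an export of the server's script mappings. The following is an added example, not part of the original post or of the scanner's code; the "extension,handler,flags,verbs" line layout, the sample mappings and the `REQUIRED` allow-list are assumptions constructed for illustration.

```python
# Added example: audit exported IIS script mappings for .htr and other
# extensions the site does not need. All names and data are hypothetical.

# Assumption: the only mapping this site actually uses.
REQUIRED = {".asp"}

# Constructed sample, one mapping per line: extension,handler,flags,verbs
SAMPLE_SCRIPT_MAPS = r'''
ScriptMaps : (LIST) (5 Items)
  ".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE"
  ".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST"
  ".idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST"
  ".HTW,C:\WINNT\System32\webhits.dll,3,GET,HEAD,POST"
  ".printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST"
'''


def parse_script_maps(text):
    """Return one dict per mapping line; headers and malformed lines are skipped."""
    mappings = []
    for line in text.splitlines():
        entry = line.strip().strip('"')
        if not entry.startswith("."):
            continue  # header, blank line or unrelated output
        parts = entry.split(",")
        if len(parts) < 2 or not parts[1].strip():
            continue  # no handler DLL recorded, nothing to audit
        mappings.append({
            "ext": parts[0].strip().lower(),  # extensions are case-insensitive
            "handler": parts[1].strip(),
            "verbs": [v.strip().upper() for v in parts[3:] if v.strip()],
        })
    return mappings


def audit(text, required=REQUIRED):
    """Return (severity, extension, handler) for every mapping to remove or review."""
    findings = []
    for m in parse_script_maps(text):
        if m["ext"] == ".htr":
            # The post rates a mapped .HTR filter as High even after patching.
            findings.append(("HIGH", m["ext"], m["handler"]))
        elif m["ext"] not in required:
            findings.append(("REVIEW", m["ext"], m["handler"]))
    return findings


if __name__ == "__main__":
    for severity, ext, handler in audit(SAMPLE_SCRIPT_MAPS):
        print(f"{severity:6} {ext:9} -> {handler}")
```
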

  2. #2
    Join Date
    Oct 2001
    M$ Strikes again... I wonder how many new IIS Vulnerabilities are discovered daily ?

  3. #3
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Ohh, sorry ppl, I made a mistype (ISS instead of IIS) and it does not change on the forum page when you change the topic with edit your post... I got to report this bug to JP.

    Next, sorry to Souleman; it seems that his post http://www.antionline.com/showthread...hreadid=224754 is about a patch release that also covers 4 of the 5 vulnerabilities I mentioned in this thread. They are all covered in the Microsoft Advisory MS02-018.

  4. #4
    Senior Member
    Join Date
    Dec 2001
    One word: Apache. Even if it's for Windows, it still runs great and Apache 2.0 alpha is out now... Why bother with IIS and for that matter Windows?
    Search First Ask Second. www.google.com
