Info |
Last Modified: 5 months ago
|
|
Description |
A remote overflow exists in a safety check that IIS performs during server-side includes (SSI). IIS performs this safety check to ensure that a client-specified file is valid. It is possible to specify an invalid filename in a way that bypasses the safety check. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location: Local Access Required, Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
|
|
Technical |
Arbitrary code will be executed with the privileges of the IWAM_computername account for default installations of IIS 5.0 and 5.1. The attacker would need the ability to influence the path name used by the SSI include function. In most cases, this limits exploitation of this flaw to users who can upload ASP scripts to the web server.
|
|
Solution |
Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
1. Disable ASP - Version 1.0 of the IIS Lockdown Tool disables ASP by default, and version 2.1 disables ASP if "Static Web Server" is selected.
2. The URLScan tool can be used to prevent code execution, but not the DoS.
|
|
Products |
IIS: 4.0, 5.0, 5.1
|
|
Credit |
Unknown or Incomplete
|
|