SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server Vendors:   Microsoft
(Vendor Updates Bulletin) Re: Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
SecurityTracker Alert ID:  1001478
SecurityTracker URL:  http://securitytracker.com/id/1001478
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 4 2001
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Windows 2000 Internet Information Services 5.0, Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1
Description:   eEye Digital Security reported a vulnerability in the Windows 2000 version of Internet Information Server 5.0. The security hole lets remote users execute arbitrary code on the server in the "system" context, which could allow the remote user to obtain system level access on the server.

The vendor announces an updated version of their security bulletin, available at:

http://www.microsoft.com/technet/security/bulletin/MS01-023.asp

The vendor notes that, contrary to the original version of the bulletin, Windows 2000 Professional is affected by this vulnerability.

Impact:   A remote user could cause the IIS web server to execute arbitrary code in the "system" context, which could allow the remote user to obtain system level access on the server (i.e., take complete control of the server).
Solution:   The vendor has released a fix and strongly recommends that all customers with affected servers apply the patch. See the Vendor URL for patch information.
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms01-023.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 1 2001 Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server



 Source Message Contents

Subject:  Updated Information: Internet Printing ISAPI Buffer Overrun


-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

Russ forwarded several queries to us regarding Microsoft Security
Bulletin MS01-023
(http://www.microsoft.com/technet/security/bulletin/MS01-023.asp). 
We've updated the bulletin, but I thought it might be helpful to pass
the answers back to the broader NTBugTraq audience.
*       Contrary to the original version of the bulletin, Windows 2000
Professional can be affected by this vulnerability.  The Internet
Printing ISAPI extension is installed by default on Windows 2000
Professional, and it is possible to install IIS 5.0 on a Professional
machine.  
*       If you use the Internet Services Manager to unmap the extension,
you should be aware that this setting can be overridden by group
policy.  Specifically, if Computer Configuration | Administrative
Templates | Printers | Web-based Printing is enabled, it will take
precedence over the settings in the ISM.  (By default, this setting
is not configured).  If you decide to unmap the extension rather than
apply the patch, please be sure to verify that group policy won't
reinstate the extension.

The updated bulletin has additional information, particularly on the
latter issue.  Sorry for any confusion we may have caused.  Regards,

Scott Culp
Security Program Manager
Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOvHWtI0ZSRQxA/UrAQGvWAgAl5E+Zay+OOcXN+31Snnx6GaSA1UR+6jh
xIgq+LxIZ4CUh6qjSEbCBQ99DR3H2vHzLAYCtJBNfSyFo0p/Bfr2FacXEuyTC1Uj
yiFKNEsEjBmwRHIjkn5yk8LIcvrnQWYDYs/RRDaGKR13ld4/eUAWosDvHoO3J921
tzaeEJzrOoIQlnD8peJe7PQwnxbTb9BDGBfTAJlGIoaUCzmCuKw24l9Cz8q0tSPX
6usoNZevMXUP0IUQZQTtNTDJ60GWta44nlfP+ps3CZl+R9cYi4+Ze32HbTow+vqq
qdqPMYEGIPtLrI0aiMnMh1EO8DSfnEA99DQeKGEqRXeBlqWTapJAZg==
=SNUw
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC