SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server Vendors:   Microsoft
Microsoft Internet Information Server Can Be Stopped By Local Users Removing Virtual Directories in a Shared Hosting Environment
SecurityTracker Alert ID:  1003446
SecurityTracker URL:  http://securitytracker.com/id/1003446
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 6 2002
Impact:   Denial of service via local system
Exploit Included:  Yes  

Description:   A local user with control over virtual directories used by Microsoft Internet Information Server (IIS) in a shared hosting environment may be able to cause the web services to halt.

A user reports that the IIS ADMIN and IIS WWW services can be made to stop by a local user removing a virtual directory that is being used by the services. This reportedly will create the following type of entries in the System Event Log:

1) The server was unable to add the virtual root " for the directory 'E:\user-data\paradigm\focus-stl' due to the following error: The system cannot find the path specified. The data is the error code.

2) The server was unable to add the virtual root " for the directory 'E:\user-data\ubrnetmall\TNI' due to the following error: The system cannot find the path specified. The data is the error code.

The author reports that a customer with FTP access to the server removed certain directories via FTP, causing the IIS services to stop. After the offending log entries were removed from the IIS console, operation reportedly returned to normal.

Some directory configuration examples are provided in the Source Message.

Impact:   A local user with FTP access to a shared virtual server can cause the IIS services on that server to stop.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (NT)
Underlying OS Comments:  Tested on NT4/SP6A + Security Rollup

Message History:   None.


 Source Message Contents

Subject:  IIS Services Stop if Virtual Root Deleted on Disk


We are on NT4/SP6A + Security Rollup

While running fine weeks on end, today we had IIS ADMIN and IIS WWW Services
stop (at random times but frequent - we think about every 10 minutes).

Our automated monitoring programs restarted the services and all was well,
however, the following were noted in the System Event Log:

#1:
        The server was unable to add the virtual root " for the directory
'E:\user-data\paradigm\focus-stl' due to the following error:  The system
cannot find the path specified.  The data is the error code.

#2:
        The server was unable to add the virtual root " for the directory
'E:\user-data\ubrnetmall\TNI' due to the following error:  The system cannot
find the path specified.  The data is the error code.


In both the above cases we had IIS Console entries for valid domains
pointing to these directories.  The customer has FTP access and decided to
remove the directories entirely via FTP.  The removal of the directories
caused both IIS services mentioned above to STOP.

Once the offending entries were removed from the IIS console everything has
functioned normally.  NOTE:  Stopping the offending entry in IIS console
does *not* solve the problem - you have to delete it entirely...


In the real world, our resellers are setup with a directory structure as
follows:
        e:\user-data\reseller\customer
        e:\user-data\reseller\customer1
        .
        .
        e:\user-data\reseller\customer5

When they add a hosted domain they tell us which directory
(customer...customer5) is the root and we make the entry in IIS.  If the
reseller removes a root we defined in IIS the above problem is created
rendering IIS useless.  You will al

This is a MS bug-to-boot and takes your entire server out of business.

Regards,

Greg Chatten
St. Louis Internet, Inc.
http://www.st-louis.net
636-458-2866
Fax: 314-215-4161

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC