SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server
Vendors:   Microsoft
(Exploit is Available) Re: Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006358
SecurityTracker URL:  http://securitytracker.com/id/1006358
CVE Reference:   CVE-2003-0109
Date:  Mar 21 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.0
Description:   A buffer overflow vulnerability was reported in Microsoft Internet Information Server (IIS) in its World Wide Web Distributed Authoring and Versioning (WebDAV) protocol implementation. A remote user could execute arbitrary code with Local System privileges. Systems running on Windows 2000 are vulnerable.

A remote user can send a specially crafted HTTP header to the server to trigger the buffer overflow and execute arbitrary code. The code will run in the Local System security context, giving the remote user full control of the system.

The buffer overflow reportedly resides in ntdll.dll, used by the IIS WebDAV component.

IIS installations on Windows NT, XP, and Windows Server 2003 are reportedly not affected. IIS 4.0 reportedly does not have WebDAV enabled by default.

CERT reported in advisory CA-2003-09 that an exploit for this flaw has been publicly circulated. A user has reported that an exploit is available at:

http://rafa.h0stile.net/iis_txt.c

Impact:   A remote user can execute arbitrary code on the system in the security context of the IIS service. By default, IIS runs in the LocalSystem context.
Solution:   The vendor has released the following patch.

For all versions of Windows 2000 except Japanese NEC:

http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en

For Japanese NEC:

http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-4493-8DCF-9BA29263C49F&displaylang=ja

Microsoft indicates that the patch can be installed on Windows 2000 SP2 or SP3. They plan to include this fix in Windows 2000 SP4.

A reboot of your system is required after installing the patch.

Microsoft has released Knowledge Base article 815021 regarding this issue, available at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;815021

Microsoft has described several workarounds and tools in their advisory that can be used to mitigate this flaw, available at:

http://www.microsoft.com/technet/security/bulletin/MS03-007.asp

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-007.asp
Cause:   Boundary error
Underlying OS:  Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2003 Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [VulnWatch] iis 0day exploit


exploit at  http://rafa.h0stile.net/iis_txt.c

Regards

-----------------------------------------------------
Rafael Núñez
Senior Research Scientist
 Latin American Security & Intelligence Operations
Scientech de Venezuela
-----------------------------------------------------
[w] http://www.scientech.com.ve
[e] rnunez@scientech.com.ve
----------------------------------------------------
Tlf.:(58-212) 952.42.66
Fax:(58-212) 951.36.35
----------------------------------------------------