Multiple Vulnerabilities in Microsoft IIS 5.0 and 4.0
Multiple Vulnerabilities exist in Microsoft IIS 5.0 and 4.0
August 16, 2001
Reported August 16, 2001, byMicrosoft.
VERSIONS AFFECTED
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
DESCRIPTION
Thefollowing multiple vulnerabilities exist in Internet Information (IIS):
A Denial of Service (DoS) vulnerability exists in IIS 4.0 that an attacker can exploit to cause the IIS service to fail if URL redirection has been enabled.
A Denial of Service (DoS) vulnerability exists in IIS 5.0 that an attacker can use to temporarily disrupt service on the Web server. WWW Distributed Authoring and Versioning (WebDAV) doesn't correctly handle a particular type of long, invalid request, which causes the IIS service to fail.
A Denial of Service (DoS) vulnerability exists involving the way IIS 5.0 interprets content that contains a particular type of invalid MIME header. If an attacker places content containing such a defect on a server and then requests the content, the IIS 5.0 service is unable to serve any content until the user removes this false entry from the File Type table for the site.
A buffer overrun vulnerability exists involving the code that performs server-side include (SSI) directives. An attacker who has the ability to place content on a server can include a malformed SSI directive that results in an attacker running code in Local System context when the server processes the content.
A privilege elevation vulnerability exists that results from a flaw in a table that IIS 5.0 refers to when determining whether the system shoud use in-process or out-of-process. IIS 5.0 contains a table that lists the system files, which should always run in-process. However, this list provides the files using relative as well as absolute addressing, which causes any file whose name matches that of a file on the list to run in-process.
VENDOR RESPONSE
Thevendor, Microsoft, has released securitybulletin MS01-044to address these vulnerabilities and recommends that users apply the followingpatches relevant to their system:
InternetInformation Services 5.0
InternetInformation Server 4.0
The patches contain a cumulative rollup of all previouslyavailable patches for IIS 5.0 and all available patches for IIS 4.0 since therelease of Service Pack 5 (SP5).
CREDIT
Discovered by John Waters,NSFocus, and Oded Horovitz.
About the Author
You May Also Like