Test ID: 1.3.6.1.4.1.25623.1.0.11028
Category: Gain root remotely
Title: IIS .HTR overflow
Summary: NOSUMMARY
Description:

The remote server is vulnerable to a buffer overflow in the .HTR
filter.

An attacker may use this flaw to execute arbitrary code on
this host (although the exploitation of this flaw is considered
as being difficult).

Solution:
To unmap the .HTR extension:
1. Open Internet Services Manager.
2. Right-click the Web server and choose Properties from the context menu.
3. Master Properties
4. Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.

See MS bulletin MS02-028 for a patch.

Risk factor : High

Cross-Reference: BugTraq ID: 4855
BugTraq ID: 5003
Common Vulnerability Exposure (CVE) ID: CVE-2002-0364
http://www.securityfocus.com/bid/4855
Bugtraq: 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
http://marc.info/?l=bugtraq&m=102392069305962&w=2
Bugtraq: 20020613 VNA - .HTR HEAP OVERFLOW
http://online.securityfocus.com/archive/1/276767
CERT/CC vulnerability note: VU#313819
http://www.kb.cert.org/vuls/id/313819
Microsoft Security Bulletin: MS02-028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028
http://marc.info/?l=ntbugtraq&m=102392308608100&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
http://www.iss.net/security_center/static/9327.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0071
@stake Security Advisory: A041002-1
http://www.atstake.com/research/advisories/2002/a041002-1.txt
BugTraq ID: 4474
http://www.securityfocus.com/bid/4474
Bugtraq: 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
http://marc.info/?l=bugtraq&m=101854087828265&w=2
http://www.cert.org/advisories/CA-2002-09.html
CERT/CC vulnerability note: VU#363715
http://www.kb.cert.org/vuls/id/363715
Cisco Security Advisory: 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Microsoft Security Bulletin: MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
http://www.osvdb.org/3325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45
http://www.iss.net/security_center/static/8799.php
Copyright: This script is Copyright (C) 2002 Renaud Deraison
