[ISN] IIS buffer-overrun attack has been scripted

From: InfoSec News (isnat_private)
Date: Mon Jul 09 2001 - 01:19:01 PDT

  • Next message: InfoSec News: "[ISN] Joking Hacker 'Saint' Sentenced"

    http://www.theregister.co.uk/content/4/20223.html
    
    By Thomas C Greene in Washington
    Posted: 06/07/2001 at 07:42 GMT
    
    A Japanese computer enthusiast named 'HighSpeed Junkie' has developed
    an attack script for a recently-identified unchecked buffer in the
    Microsoft IIS (Internet Information Services) Indexing Service ISAPI
    filter, which, if exploited, can yield system-level access to an
    intruder.
    
    At issue is IDQ.DLL, a component of Index Server (or 'Indexing
    Service' in W2K) which supports administrative scripts (.IDA files)
    and Internet Data Queries (.IDQ files). The library is installed by
    default on all IIS versions and implementations.
    
    The service need not be running for an attacker to exploit the
    vulnerability. So long as script mapping for .IDQ or .IDA files is
    present and an attacker can establish a Web session, the exploit will
    work.
    
    The vulnerability was first reported by eEye Security on 18 June. The
    attack script was released on 21 June, and posted to the
    Win2KSecAdvice mailing list on 27 June.
    
    Patches are available for NT and 2K, except for W2K Datacenter Server,
    whose users need to bug their OEMs. The hole will be bunged in Win-XP
    before it and its Raw Socket Terror are unleashed upon the public.
    
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 01:43:42 PDT