[ISN] Microsoft plugs holes in Content Management Server

From: InfoSec News (isnat_private)
Date: Thu Aug 08 2002 - 23:24:27 PDT

    By Joris Evers
    IDG News Service, 08/08/02

    Microsoft has released a patch for three vulnerabilities, one
    "critical," in its Content Management Server 2001 software for
    building and maintaining Web sites.

    The most serious vulnerability lies in a user authentication function
    of the application. An attacker could get complete control over the
    system running the software by entering malformed data into a Web page
    that uses this authentication function. Such a Web page is part of the
    default Content Management Server 2001 installation, Microsoft said in
    an advisory Wednesday.

    Installing URLscan, a software tool recommended by Microsoft, will
    probably protect servers running Content Management Server 2001 from
    being taken over by an attacker, but the system can still be caused to
    fail, Microsoft noted.

    A second vulnerability in Content Management Server 2001 lies in a Web
    authoring feature. An attacker can upload a program to the Web server
    and execute it. This will not give the attacker full control over the
    server because of security features in Microsoft's Web server
    software, but it could be a starting point to try to gain additional
    privileges, Microsoft said.

    Content Management Server 2001 is typically installed on servers
    running Microsoft's Internet Information Server 5.0 for Web server
    support and SQL Server 7.0 or 2000 as the database, Microsoft said.

    The third vulnerability patched by Microsoft exists in the database
    features of Content Management Server 2001. An attacker could take any
    action on the database and run some operating system commands as well,
    but with limited privileges, Microsoft said.

    Microsoft urges Content Management Server 2001 users to "immediately"
    apply the patch. Earlier versions of the content management software
    may be affected, but are no longer supported, the Redmond, Wash.,
    software maker said. More information can be found in Microsoft's
    security bulletin MS02-041.