http://www.nwfusion.com/news/2002/0808mscms.html By Joris Evers IDG News Service, 08/08/02 Microsoft has released a patch for three vulnerabilities, one "critical," in its Content Management Server 2001 software for building and maintaining Web sites. The most serious vulnerability lies in a user authentication function of the application. An attacker could get complete control over the system running the software by entering malformed data into a Web page that uses this authentication function. Such a Web page is part of the default Content Management Server 2001 installation, Microsoft said in an advisory Wednesday. Installing URLscan, a software tool recommended by Microsoft, will probably protect servers running Content Management Server 2001 from being taken over by an attacker, but the system can still be caused to fail, Microsoft noted. A second vulnerability in Content Management Server 2001 lies in a Web authoring feature. An attacker can upload a program to the Web server and execute it. This will not give the attacker full control over the server because of security features in Microsoft's Web server software, but it could be a starting point to try to gain additional privileges, Microsoft said. Content Management Server 2001 is typically installed on servers running Microsoft's Internet Information Server 5.0 for Web server support and SQL Server 7.0 or 2000 as the database, Microsoft said. The third vulnerability patched by Microsoft exists in the database features of Content Management Server 2001. An attacker could take any action on the database and run some operating system commands as well, but with limited privileges, Microsoft said. Microsoft urges Content Management Server 2001 users to "immediately" apply the patch. Earlier versions of the content management software may be affected, but are no longer supported, the Redmond, Wash., software maker said. More information can be found in Microsoft's security bulletin MS02-041. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 02:02:05 PDT