[ISN] Program exploits Windows 2000 flaw

From: InfoSec News (isnat_private)
Date: Tue Mar 25 2003 - 00:27:55 PST

  • Next message: InfoSec News: "[ISN] CERT, Feds Consider New Reporting Process"

    By Robert Lemos 
    Staff Writer, CNET News.com
    March 24, 2003
    A Venezuelan security consultant has released a small program designed
    to compromise Microsoft Internet Information Service servers that
    haven't had a recent security hole patched.
    Monday's public release of the program's source code--known in
    security parlance as an exploit--will allow less technically
    knowledgeable system administrators to test for the existence of the
    vulnerability or allow less skillful miscreants to attack servers.
    "I released (the code) to enlighten the public and to promote system
    security for administrators unfamiliar with these exploits," said
    Rafael Nunez, information security consultant for Scientech de
    Venezuela and a former hacker who used the handle "RaFa."
    The release of the code on two security lists--BugTraq and
    VulnWatch--is the latest twist in the story of the Windows 2000 flaw
    that Microsoft announced a week ago.
    The flaw, which Microsoft said could be exploited through the World
    Wide Web Distributed Authoring and Versioning (WebDAV) component of
    Internet Information Service (IIS) 5.0, allows an attacker to take
    control of the server. The flaw was discovered March 12 by the U.S.  
    military after a public Web server was compromised by the
    Microsoft declined to comment on the issue, except to say that
    customers should patch their systems. Nunez also stressed that system
    administrators need to patch their systems before a virus writer uses
    the vulnerability as a vector for a computer worm.
    "This exploit is very serious," Nunez said. "Any unpatched system can
    allow a remote intruder to obtain full administrator privileges. This
    exploit can be used by some malicious programmers to write worms that
    can automate Web site defacements and other malevolent operations."
    Nunez said that he got the code from other hackers on the Internet and
    cleaned it up before sending it to the two security lists to be
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 02:46:29 PST