Colette,

Microsoft Peer Web Services is IIS 4.0. It's affected by the vulnerability, and covered by the patch.

Cheers,
Scott

-----Original Message-----
From: Colette.Chamberlandat_private [mailto:Colette.Chamberlandat_private]
Sent: Thursday, June 17, 1999 11:36 AM
To: BUGTRAQat_private
Subject: Microsoft Peer Web Services vulnerability

ADVISORY 6/17/1999

This advisory is for those that run "Microsoft Peer Web Services" in addition to the advisory for Microsoft's IIS 4. It also limits Web-based administration to the loopback address (127.0.0.1) by default. It also has the ism.dll in the /scripts/iisadmin directory, which allows users / attackers to access the ISAPI application used for remote web-based administration from a non-loopback IP address.

NOTE: An attacker can simply do a search on Alta Vista for "Microsoft Peer Web Services". They then get a complete list of NT Workstations running this service. All they need to do is append the following to the end of the URL: /scripts/iisadmin/ism.dll?http/dir. The user will then be prompted for a UserID and password, and if successful authentication takes place they are given access to sensitive server information. It provides an attacker with a means to brute force / guess the Administrator's password, and if successful an enormous amount of reconnaissance work can be achieved through the application's use.

Colette Chamberland
http://www.mc2.nu
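
A defender can check for the exposure described in this thread in the server's own logs. The following is an added example, not part of either message: it scans W3C extended-format log text for requests to /scripts/iisadmin/ism.dll from non-loopback clients and reports clients with repeated 401 responses. The sample log, the function name and the threshold of three failures are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

ADMIN_STEM = "/scripts/iisadmin/ism.dll"  # path named in the advisory

# Constructed sample in W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-06-17 15:36:01 127.0.0.1 GET /scripts/iisadmin/ism.dll http/dir 200
1999-06-17 15:37:10 192.0.2.44 GET /default.htm - 200
1999-06-17 15:40:12 192.0.2.44 GET /scripts/iisadmin/ism.dll http/dir 401
1999-06-17 15:40:15 192.0.2.44 GET /Scripts/IISAdmin/ism.dll http/dir 401
1999-06-17 15:40:19 192.0.2.44 GET /scripts/iisadmin/ism.dll http/dir 401
1999-06-17 15:40:25 192.0.2.44 GET /scripts/iisadmin/ism.dll http/dir 200
1999-06-17 16:02:44 198.51.100.7 GET /scripts/iisadmin/ism.dll http/dir 401
"""

def remote_admin_hits(log_text, threshold=3):
    """Return (hits, guessing): non-loopback requests to the admin ISAPI DLL,
    and clients with at least `threshold` 401 responses on it."""
    fields, hits, failures = [], [], Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # truncated or malformed record
        rec = dict(zip(fields, values))
        # IIS matches URL paths case-insensitively, so compare in lower case.
        if rec.get("cs-uri-stem", "").lower() != ADMIN_STEM:
            continue
        try:
            client = ipaddress.ip_address(rec.get("c-ip", ""))
        except ValueError:
            continue
        if client.is_loopback:
            continue                        # local administration is expected
        hits.append(rec)
        if rec.get("sc-status") == "401":
            failures[str(client)] += 1
    guessing = sorted(ip for ip, n in failures.items() if n >= threshold)
    return hits, guessing

if __name__ == "__main__":
    hits, guessing = remote_admin_hits(SAMPLE_LOG)
    print(len(hits), "remote requests; repeated failures from:", guessing)
```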