Here is some data from ISS about this bug. The bug was used to hack some Army web servers, according to this story: http://www.computerworld.com/securitytopics/security/hacking/story/0,108 01,79478,00.html?nas=AM-79478 MICROSOFT IIS WEBDAV REMOTE COMPROMISE VULNERABILITY OVERVIEW A serious vulnerability exists within the Web-based Distributed Authoring and Versioning (WebDAV) component of Microsoft Internet Information Services (IIS) Web server. WebDAV extensions are used by administrators to manage and edit Web content remotely. HOW BIG IS THE RISK? This vulnerability is currently being exploited in the wild, and X-Force has verified the existence of a functional exploit tool. This vulnerability is in itself very serious, but the existence of robust exploits in the wild dictates that fixes or temporary workarounds should be applied immediately. WHAT IS THE VULNERABILITY? Exploitation of this vulnerability will yield local SYSTEM privileges on vulnerable IIS servers. This can potentially lead to the disclosure of confidential information contained on compromised Web servers. This vulnerability could easily be used to compromise IIS servers in an automated fashion, or as part of a self-propagating worm. Since the vulnerability is in an underlying library function and not within the IIS server itself, it is conceivable that other portions of the IIS server or completely unrelated services might also be affected. WHAT SYSTEMS ARE AT RISK? IIS 5.0 on Windows 2000 up to and including Service Pack 3 Not affected: IIS installations on Windows XP, Windows Server 2003 ___________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation Enterprise Security & Infrastructure Solutions 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________
This archive was generated by hypermail 2b30 : Tue Mar 18 2003 - 13:37:31 PST