At 6/16/2002 11:19 AM, Armish wrote: >When i was testing one my pcs about security,The program found a vuln. about >/_vti_bin/_vti_aut/dvwssr.ddl . What is this file?How can it become a >risk?How can I close this hole?(Too much questions,ha? :) ....) >thanks for all answers... Armish, According to rain forest puppy's advisory at http://www.wiretrip.net/rfp/p/doc.asp/i2/d45.htm, "The NT 4 Option Pack ships with a particular ISAPI .dll in /_vti_bin/_vti_aut/ named dvwssr.dll, which is mixed in with the Microsoft FrontPage extensions (the version I have is 3.0.2.1105). This particular .dll allows you to read .asp (and .asa) files under the web root, providing you know the 'password' (obfuscated encoding scheme) of which to ask it. And, as implied by the title, the constant key used in the encoding is "Netscape engineers are weenies!"." Although there was some dispute about the encoding key, Microsoft issued Security Bulletin MS00-025, which is at http://www.microsoft.com/technet/security/bulletin/MS00-025.asp, which states, "Dvwssr.dll is a server-side component used to support the Link View feature in Visual Interdev 1.0. However, it contains an unchecked buffer. If overrun with random data, it could be used to cause an affected server to crash, or could allow arbitrary code to run on the server in a System context." You can close the hole by deleting the file, as is recommended by Microsoft. The only functionality lost is the "ability to generate link views of .asp pages using Visual Interdev 1.0." Michael Katz mikeat_private Procinct Security
This archive was generated by hypermail 2b30 : Sun Jun 16 2002 - 20:17:35 PDT