GEN:SID | 1:1024 |
Message | WEB-IIS newdsn.exe access |
Summary | This event is generated when an attempt is made to access the newdsn.exe file, which is a sample program installed with Internet Information Server (IIS) 3.0.
|
Impact | File creation. This attack can allow the creation of a new Microsoft Access Database (.mdb) file on the vulnerable server.
|
Detailed Information | IIS 3.0 comes with a sample program newdsn.exe. An attacker can craft a URL to reference this executable and, as a parameter, pass the name of a new file to be created. The file may have any extension, but will be considered a Microsoft Access Database file.
|
Affected Systems | IIS 3.0 servers
|
Attack Scenarios | An attacker can craft a URL to execute the vulnerable newdsn.exe and create a Microsoft Access Database file on the vulnerable server.
|
Ease of Attack | Simple.
|
Corrective Action | Delete the newdsn.exe file.
Upgrade to a more current version of IIS. |
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0191
|
Rule References | bugtraq: 1818
cve: 1999-0191
nessus: 10360
|