GEN:SID | 1:963 |
Message | WEB-FRONTPAGE svcacl.cnf access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in a web server running Microsoft FrontPage Server Extensions.
|
Impact | Information gathering and system integrity compromise. Possible unauthorized administrative access to the server or application. Possible execution of arbitrary code of the attackers choosing in some cases. Denial of Service is possible.
|
Detailed Information | This event is generated when an attempt is made to compromise a host running Microsoft FrontPage Server Extensions. Many known vulnerabilities exist for this platform and the attack scenarios are legion.
This event indicates that an attempt has been made to access the file svcacl.cnf which may contain sensitive information about the host and applications using the FrontPage extensions.
Svcacl.cnf contains data about permissions and IP address restrictions on all of the sub-webs. This information would be very valuable to a hacker and could be used to plan future attacks.
|
Affected Systems | Systems using Microsoft FrontPage Server Extensions 98
|
Attack Scenarios | Many attack vectors are possible from simple directory traversal to exploitation of buffer overflow conditions.
|
Ease of Attack | Simple. Many exploits exist.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | Microsoft: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q188/2/57.ASP&NoWebContent=1&NoWebContent=1
|
Rule References | bugtraq: 4078
nessus: 10575
|