GEN:SID | 1:976 |
Message | WEB-IIS .bat? access |
Summary | This event is generated when an attempt is made to reference a .bat file to execute arbitrary commands on an Internet Information Services (IIS) server.
|
Impact | Remote access. This attack can execute arbitrary commands on the IIS server with the privileges of the user running IIS.
|
Detailed Information | Microsoft Internet Information Service (IIS) uses .bat and .cmd to execute code using the Common Gateway Interface (CGI). A .bat file or .cmd file can be passed a malicious command to be executed on the server. This is accomplished by preceding the malicious command with an ampersand. This allows execution of arbitrary commands with the privileges of the user running IIS.
|
Affected Systems | Hosts running IIS 1.0
|
Attack Scenarios | An attacker can pass a .bat or .cmd file a malicious command to be executed.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to a more current version of IIS. |
Additional References | Microsoft http://support.microsoft.com/support/kb/articles/Q148/1/88.asp http://support.microsoft.com/support/kb/articles/Q155/0/56.asp
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0233
Bugtraq http://www.securityfocus.com/bid/2023
Nessus http://cgi.nessus.org/plugins/dump.php3?id=10362
|
Rule References | bugtraq: 2023
cve: 1999-0233
url: support.microsoft.com/support/kb/articles/Q148/1/88.asp
url: support.microsoft.com/support/kb/articles/Q155/0/56.asp
|