GEN:SID | 1:971 |
Message | WEB-IIS ISAPI .printer access |
Summary | This event is generated when an attempt is made to compromise a web server running IIS 5.0 by exploiting the ".printer" bug.
|
Impact | Serious. Remote unauthorized administrative access.
|
Detailed Information | With the increasing pervasion of the Internet, vendors are adding features into their software to support the networked world. Microsoft's initial implementation of one such feature were the ".printer" extensions on IIS 5.0 that first shipped with Windows 2000.
A bug exsisted in the initial release that could result in remote system level access to the web server. A patch has been released that fixes this bug.
|
Affected Systems | |
Attack Scenarios | A hacker could use this vulnerability to get a remote, system level command prompt on the server.
|
Ease of Attack | Simple. Exploit software exists.
|
Corrective Action | Install latest patches from the vendor, or disable the ".printer" extensions using the IIS administration tool.
|
Additional References | Vendor Security Bulletin: MS01-023 Bugtraq Archive: url,http://www.securityfocus.com/archive/1/181937
|
Rule References | arachnids: 533
bugtraq: 2674
cve: 2001-0241
nessus: 10661
|