Microsoft Site Server cphost.dll Arbitrary Code Execution

2002-01-30T00:00:00
ID OSVDB:17669
Type osvdb
Reporter RFP(rfp@wiretrip.net)
Modified 2002-01-30T00:00:00

Description

Vulnerability Description

Microsoft Site Server contains a flaw that may allow a remote attacker to execute arbitrary ASP code. The issue is due to 'cphost.dll' not properly sanitizing user input, specifically directory traversal sequences ('..'). By supplying a specially crafted filename disposition parameter, a remote attacker can execute arbitrary ASP code, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable access to the 'cphost.dll' library.
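As an added illustration (not Site Server code and not part of the OSVDB record), the kind of input validation whose absence the description refers to: a check on a client-supplied disposition filename that refuses traversal sequences and script extensions, then confirms the resolved path still lies inside an assumed upload directory. The upload root, the extension allow-list and the function names are assumptions.

```python
import os
import posixpath
import re
from typing import Optional

# Constructed example: a defensive check for a client-supplied filename
# (e.g. the Content-Disposition "filename" parameter of an upload) that
# must never be allowed to escape the intended upload directory.
UPLOAD_ROOT = "/var/www/uploads"                # assumed upload directory
ALLOWED_EXT = {".txt", ".jpg", ".png", ".pdf"}  # assumed allow-list; .asp is deliberately absent


def is_safe_filename(name: str) -> bool:
    """Reject any disposition filename usable for traversal or for dropping a script."""
    if not name or len(name) > 255:
        return False
    # Path separators and bare traversal components are refused outright.
    if "/" in name or "\\" in name or name in (".", ".."):
        return False
    # Control characters (including NUL) are refused.
    if any(ord(c) < 32 or c == "\x7f" for c in name):
        return False
    # A conservative character set: this also rejects "%", so percent-encoded
    # traversal such as "%2e%2e" cannot slip through.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        return False
    # Only known-benign extensions are accepted; script types are not.
    ext = os.path.splitext(name)[1].lower()
    return ext in ALLOWED_EXT


def resolve_upload_path(name: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Return the final path inside root, or None if the filename is rejected."""
    if not is_safe_filename(name):
        return None
    # Defence in depth: normalise the joined path and confirm it is still under root,
    # so a validation gap above cannot turn into a write outside the directory.
    candidate = posixpath.normpath(posixpath.join(root, name))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for sample in ("report.txt", "../../wwwroot/page.asp", "..\\page.asp", "page.asp"):
        print(repr(sample), "->", resolve_upload_path(sample))
```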

Short Description

Microsoft Site Server contains a flaw that may allow a remote attacker to execute arbitrary ASP code. The issue is due to 'cphost.dll' not properly sanitizing user input, specifically directory traversal sequences ('..'). By supplying a specially crafted filename disposition parameter, a remote attacker can execute arbitrary ASP code, resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com/
Snort Signature ID: 1817
Snort Signature ID: 1818
Security Tracker: 1003420
Related OSVDB ID: 17655
Related OSVDB ID: 17658
Related OSVDB ID: 17661
Related OSVDB ID: 17663
Related OSVDB ID: 17664
Related OSVDB ID: 17666
Related OSVDB ID: 17668
Related OSVDB ID: 17656
Related OSVDB ID: 17660
Related OSVDB ID: 17667
Related OSVDB ID: 17669
Related OSVDB ID: 831
Related OSVDB ID: 17652
Related OSVDB ID: 17654
Related OSVDB ID: 17657
Related OSVDB ID: 17670
Related OSVDB ID: 17653
Related OSVDB ID: 17659
Related OSVDB ID: 17662
Related OSVDB ID: 17665
Related OSVDB ID: 17671
Nessus Plugin ID: 11018
Microsoft Knowledge Base Article: 248840
Mail List Post: http://marc.theaimsgroup.com/?l=vulnwatch&m=101235440104716&w=2
ISS X-Force ID: 8073
ISS X-Force ID: 8048
CVE-2002-1769
Bugtraq ID: 3998
Bugtraq ID: 4007