Microsoft IIS newdsn.exe Arbitrary File Creation

1997-08-27T00:00:00
ID OSVDB:275
Type osvdb
Reporter OSVDB
Modified 1997-08-27T00:00:00

Description

Vulnerability Description

Microsoft IIS contains a flaw that allows a remote attacker to create arbitrary files or cause a denial of service on a remote server. The issue is due to the "newdsn.exe" CGI application not sanitizing the arguments provided to it. If an attacker is able to create a file on the system, it can be leveraged for additional privileges.

Solution Description

Remove newdsn.exe from the /scripts/tools web directory. This is normally mapped to C:\InetPub\Scripts\Tools but may be found in a different location depending on your installation.

Manual Testing Notes

Check for the presence of /scripts/tools/newdsn.exe

References:

Snort Signature ID: 1024
Nessus Plugin ID: 10360
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_3/0456.html
ISS X-Force ID: 1530
CVE-1999-0191
Bugtraq ID: 1818