Wednesday 27 March 2013

Vulnerability in Microsoft IIS Serving Classic ASP Pages
------------------------------------------------------------------------------------------

The Internet Storm Center has reported a vulnerability in Microsoft Internet Information Services (IIS) 6.0 and earlier. The vulnerability exists due to the way IIS processes filenames containing non-alphanumeric characters, specifically a semi-colon. Due to this vulnerability, a file that is uploaded to an IIS 6.0 or earlier web server as ‘bad.asp;.jpg’ will be stored as ‘bad.asp’. Depending upon the storage location of the file, it could potentially allow for execution by IIS. This vulnerability only affects classic ASP, not ASP.NET. Additionally, a web-based application that allows file uploads must exist for this vulnerability to be exploited. At this time, no patch is available from Microsoft.


Recommendation:
1. Never allow execute permissions in the directory where uploads are stored.
2. Disallow unusual characters, such as a semi-colon or colon, in filenames.
3. Ensure web applications run with less than SYSTEM privileges.
4. Require authentication for uploads.
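
One way to apply recommendation 2 in the upload handler, as an added example (not code from the Internet Storm Center report or from Microsoft): an allowlist check that rejects names such as ‘bad.asp;.jpg’ and, going slightly beyond the recommendation, stores accepted files under a server-generated name. The allowed extensions, length limits and function names are assumptions of this example.

```python
import re
import secrets

# Assumed policy for this example: the only extensions the application accepts.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Allowlist: letters, digits, underscore, hyphen, then exactly one dot and
# an extension. Semi-colons, colons, slashes, spaces and extra dots all fail.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})")


def validate_upload_name(client_name):
    """Return (ok, reason) for a client-supplied upload filename."""
    match = SAFE_NAME.fullmatch(client_name)
    if match is None:
        return False, "disallowed characters or more than one dot"
    if match.group(1).lower() not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    return True, "ok"


def stored_name(client_name):
    """Return a server-generated name for an accepted upload, else None.

    The client's base name is discarded, so nothing the uploader typed
    ends up in the on-disk filename except the validated extension.
    """
    ok, _ = validate_upload_name(client_name)
    if not ok:
        return None
    extension = client_name.rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + extension


# Constructed sample inputs, including the filename from the advisory.
SAMPLES = ["photo.jpg", "bad.asp;.jpg", "bad.asp:.jpg",
           "bad.asp.jpg", "notes.asp", "..\\x.jpg"]

if __name__ == "__main__":
    for name in SAMPLES:
        ok, reason = validate_upload_name(name)
        print(f"{name!r:18} accepted={ok!s:5} {reason}")
```
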

References 
Internet Storm Center:
http://isc.sans.org/diary.html?storyid=7810
Soroush:
http://soroush.secproject.com/downloadable/iis-semicolon-report.pdf

