Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1024 |
Message | WEB-IIS newdsn.exe access |
Summary | This event is generated when an attempt is made to access the newdsn.exe file, which is a sample program installed with Internet Information Server (IIS) 3.0. |
Impact | File creation. This attack can allow the creation of a new Microsoft Access Database (.mdb) file on the vulnerable server. |
Detailed Information | IIS 3.0 comes with a sample program newdsn.exe. An attacker can craft a URL to reference this executable and, as a parameter, pass the name of a new file to be created. The file may have any extension, but will be considered a Microsoft Access Database file. |
Affected Systems | IIS 3.0 servers |
Attack Scenarios | An attacker can craft a URL to execute the vulnerable newdsn.exe and create a Microsoft Access Database file on the vulnerable server. |
Ease of Attack | Simple. |
Corrective Action | Delete the newdsn.exe file. Upgrade to a more current version of IIS. |
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0191 |
Rule References | bugtraq: 1818 cve: 1999-0191 nessus: 10360 |
--
DID:435869
--
http://www.aanval.com/