Re: Microsoft Security Bulletin MS03-018 - 811114
From: Seth (noone_at_localhost)
Date: 05/30/03
- Next message: bob gossett: "e-mail"
- Previous message: Peter Baird: "Re: Content advisor"
- In reply to: Seth: "Re: Microsoft Security Bulletin MS03-018 - 811114"
- Next in thread: mike singer: "Re: Microsoft Security Bulletin MS03-018 - 811114"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 May 2003 08:35:07 -0400
I was right. If this is exploited, the attacker will get local system and
not a user level account. See
http://www.nsfocus.com/english/homepage/sa2003-05.htm
~Seth
"Seth" <noone@localhost> wrote in message
news:eVpNlrfJDHA.2764@tk2msftngp13.phx.gbl...
> Jerry,
>
> There is some confusion with the Server Side Include Buffer Overrun
> vulnerability. The article states, "By default, IIS 5.0 runs under a user
> account and not under the system account. Therefore, an attacker who
> successfully exploited this vulnerability would gain only user level
> permissions instead of administrative level permissions." - This is not
> true, the inetinfo process for IIS 5.0 always runs as system. In addition,
> the metabase property, InProcessIsapiApps, lists ssinc.dll. This means that
> ssinc.dll must run in the inetinfo process.
>
> Is this just a mistake in the article or is the vulnerability simply restricted
> to the privileges of the impersonated account?
>
> Thanks,
>
> ~Seth
>
>
>
> "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:eKNsOaUJDHA.4048@tk2msftngp13.phx.gbl...
> > Title: Cumulative Patch for Internet Information Service (811114)
> > Date: May 28, 2003
> > Software: Microsoft Internet Information Server 4.0, Microsoft Internet
> > Information Services 5.0, Microsoft Internet Information Services 5.1
> > Impact: Allow an attacker to execute code of their choice
> > Maximum Severity Rating: Important
> > Bulletin: MS03-018
> >
> > The Microsoft Security Response Center has released Microsoft Security
> > Bulletin MS03-018
> >
> > What Is It?
> > The Microsoft Security Response Center has released Microsoft Security
> > Bulletin MS03-018 which concerns a vulnerability in the Internet Information
> > Server versions listed above. Customers are advised to review the
> > information in the bulletin and test and deploy the patch in their
> > environments, if applicable.
> >
> > More information is now available at
> > http://www.microsoft.com/technet/security/bulletin/MS03-018.asp
> >
> > If you have any questions regarding the patch or its implementation after
> > reading the above listed bulletin you should contact Product Support
> > Services in the United States at 1-866-PCSafety (1-866-727-2338).
> > International customers should contact their local subsidiary.
> >
> >
> > --
> > Regards,
> >
> > Jerry Bryant - MCSE, MCDBA
> > Microsoft IT Communities
> >
> > Get Secure! www.microsoft.com/security
> >
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
>
>