Vulnerabilities > CVE-1999-0191 - Unspecified vulnerability in Microsoft Internet Information Server 3.0

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
microsoft
nessus
exploit available

Summary

IIS newdsn.exe CGI script allows remote users to overwrite files.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

description: Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability. CVE-1999-0191. Remote exploit for Windows platform
id: EDB-ID:20309
last seen: 2016-02-02
modified: 1997-08-25
published: 1997-08-25
reporter: Vytis Fedaravicius
source: https://www.exploit-db.com/download/20309/
title: Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability

Nessus

NASL family: CGI abuses
NASL id: NEWDSN.NASL
description: The CGI /scripts/tools/newdsn.exe is present. This CGI allows any attacker to create files anywhere on your system if your NTFS permissions are not tight enough, and can be used to overwrite DSNs of existing databases.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10360
published: 2000-04-01
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10360
title: Microsoft IIS newdsn.exe Arbitrary File Creation
code
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

# Registration block: runs only when the scanner loads the plugin with
# `description` set. It records the plugin's identity, report text, scoring and
# scheduling requirements, then exits without touching the target.
if (description)
{
  # Identity and cross-references (CVE and Bugtraq ids).
  script_id(10360);
  script_version("1.30");
  script_cve_id("CVE-1999-0191");
  script_bugtraq_id(1818);

  script_name(english:"Microsoft IIS newdsn.exe Arbitrary File Creation");
  script_summary(english:"Checks for the presence of /scripts/tools/newdsn.exe");

  # Report text shown to the operator. The description ties the impact to weak
  # NTFS permissions; the stated fix is to remove the CGI.
  script_set_attribute(attribute:'synopsis', value:'The remote service is vulnerable to an access control breach.');
  script_set_attribute(attribute:'description', value:"The CGI /scripts/tools/newdsn.exe is present.

This CGI allows any attacker to create files anywhere on your system if your
NTFS permissions are not tight enough, and can be used to overwrite DSNs of
existing databases.");
  script_set_attribute(attribute:'solution', value:"Remove newdsn.exe");

  # NOTE(review): this base vector sets A:P, while the CVE record shown
  # alongside this plugin lists availability impact NONE (CVSS 6.4). Confirm
  # which rating is intended before relying on the score for triage.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:'see_also', value:'https://seclists.org/bugtraq/1997/Sep/70');

  # Publication metadata.
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/04/01");
  script_set_attribute(attribute:"vuln_publication_date", value:"1997/08/27");
  script_cvs_date("Date: 2018/11/15 20:50:18");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling: registered as an information-gathering check in the
  # "CGI abuses" family.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");
  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  script_require_ports("Services/www", 80);

  # Both knowledge-base keys are required: the paranoid-report setting and a
  # prior IIS identification.
  script_require_keys("Settings/ParanoidReport", "www/iis");
  exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Detection logic. This is a presence check only: it asks is_cgi_installed3()
# whether the CGI path exists and never attempts file creation, so a positive
# result shows that newdsn.exe is reachable, not that the flaw was confirmed.
# That is why the check is limited to paranoid reporting.
if (report_paranoia < 2)
{
  exit(0, "This script only runs in 'paranoid' mode as it is prone to false positive.");
}

port = get_http_port(default:80);

# The banner must mention IIS; any other server is skipped. A failed banner
# fetch exits the script (exit_on_fail).
banner = get_http_banner(port:port, exit_on_fail:1);
if ("IIS" >!< banner)
{
  exit(0, "The web server on port "+port+" is not IIS.");
}

# Report when the CGI is found. No details beyond the port are attached, so
# the finding should be checked by hand (does the file exist, and what are its
# NTFS permissions) before it is treated as confirmed.
cgi = "/scripts/tools/newdsn.exe";
if (is_cgi_installed3(item:cgi, port:port))
{
  security_hole(port);
}