Vulnerabilities > CVE-2001-0508 - Unspecified vulnerability in Microsoft Internet Information Services 5.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWeb Servers
NASL idIIS_ISAPI_OVERFLOW.NASL
descriptionThere
last seen2020-06-01
modified2020-06-02
plugin id10685
published2001-06-19
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10685
titleMicrosoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)
code
#
# (C) Tenable Network Security, Inc.
#

# This script was written by Renaud Deraison <[email protected]>
# It was modified by H D Moore to not crash the server during the test
#
# Supercedes MS01-033


include("compat.inc");

if(description)
{
 script_id(10685);
 script_version ("1.51");
 script_cve_id( "CVE-2001-0544", "CVE-2001-0545", "CVE-2001-0506", "CVE-2001-0507", "CVE-2001-0508", "CVE-2001-0500");
 script_bugtraq_id(2690, 2880, 3190, 3193, 3194, 3195);
 script_xref(name:"MSFT", value:"MS01-033");
 script_xref(name:"MSFT", value:"MS01-044");
 script_xref(name:"MSKB", value:"294774");
 script_xref(name:"MSKB", value:"297860");
 script_xref(name:"MSKB", value:"298340");
 script_xref(name:"MSKB", value:"300972");
 script_xref(name:"MSKB", value:"301625");
 script_xref(name:"MSKB", value:"304867");
 script_xref(name:"MSKB", value:"305359");

 script_name(english:"Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"There's a buffer overflow in the remote web server through
the ISAPI filter.
 
It is possible to overflow the remote web server and execute 
commands as user SYSTEM.

Additionally, other vulnerabilities exist in the remote web
server since it has not been patched." );
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-033" );
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-044" );
 script_set_attribute(attribute:"solution", value:
"Apply the patches from the bulletins above." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'MS01-033 Microsoft IIS 5.0 IDQ Path Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"plugin_publication_date", value: "2001/06/19");
 script_set_attribute(attribute:"patch_publication_date", value: "2001/06/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/05/06");
 script_cvs_date("Date: 2018/11/15 20:50:25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:iis");
script_end_attributes();


 script_summary(english:"Tests for a remote buffer overflow in IIS");
 script_category(ACT_ATTACK);
 script_family(english:"Web Servers");
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_dependencie("find_service1.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

# The attack starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
b = get_http_banner(port: port);
if ("IIS" >!< h ) exit(0);
   
     
w = http_send_recv3(method: "GET", port: port,
  item: "/x.ida?"+crap(length:220, data:"x")+"=x");
if (isnull(w)) exit(1, "the web server did not answer");
r = strcat(w[0], w[1], '\r\n', w[2]);

    # 0xc0000005 == "Access Violation"
    if ("0xc0000005" >< r)
    {
        security_hole(port);
    }

Seebug

bulletinFamilyexploit
descriptionCVE CAN ID : CAN-2001-0508 Microsoft IIS 5.0 WebDAV处理中存在一个拒绝服务漏洞,远程攻击者可以临时中断IIS 5.0服务。 WebDAV没有正确的处理特定类型的请求,特别是请求相当长而且其中包含某种 类型的无效数据时。这会导致内存访问错误,从而使得IIS 5.0进程中断。由于缺省情况 下,IIS 5.0会自动重启。因此这只会临时中断IIS服务。 Microsoft IIS 5.0 - Microsoft Windows 2000 厂商补丁: 微软已经为此发布了一个安全公告(MS01-044)以及相应补丁程序: <a href=http://www.microsoft.com/technet/security/bulletin/MS01-044.asp target=_blank>http://www.microsoft.com/technet/security/bulletin/MS01-044.asp</a> 补丁下载: Microsoft IIS 5.0: <a href=http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011 target=_blank>http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011</a>
idSSV:3636
last seen2017-11-19
modified2008-07-16
published2008-07-16
reporterRoot
titleMicrosoft IIS 5.0 WebDAV拒绝服务漏洞(MS01-044)