Vulnerabilities > CVE-2008-0074 - Unspecified vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFile\Root, or WWWRoot folders.

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS08-005.NASL
descriptionThe remote host contains a version of Microsoft Internet Information Services (IIS) that is vulnerable to a security flaw that could allow a local user to elevate his privileges to SYSTEM due to a bug in the way IIS handles file change notifications in the FTPRoot, NNTPFile\Root and WWWRoot folders.
last seen2020-06-01
modified2020-06-02
plugin id31039
published2008-02-12
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31039
titleMS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares its
# metadata (IDs, references, scoring, prerequisites) and exits with status 0;
# none of the detection code below this block runs in that mode.
if (description)
{
 script_id(31039);
 script_version("1.28");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 # Cross-references: the CVE, the Bugtraq ID, the Microsoft bulletin and the
 # KB article number of the update this plugin looks for.
 script_cve_id("CVE-2008-0074");
 script_bugtraq_id(27101);
 script_xref(name:"MSFT", value:"MS08-005");
 script_xref(name:"MSKB", value:"942831");

 script_name(english:"MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)");
 script_summary(english:"Checks the remote file version for 942831");

 # Report text shown to the operator. The multi-line values are runtime
 # strings and are emitted exactly as written.
 script_set_attribute(attribute:"synopsis", value:"A local user can elevate his privileges on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Internet Information
Services (IIS) that is vulnerable to a security flaw that could allow a
local user to elevate his privileges to SYSTEM due to a bug in the way
IIS handles file change notifications in the FTPRoot, NNTPFile\Root and
WWWRoot folders.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-005");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, Windows XP,
Windows 2003 Server and Windows Vista.");
 # CVSS v2 base vector: local access, low complexity, single authentication,
 # complete confidentiality / integrity / availability impact.
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
 # CVSS v2 temporal vector: exploitability unproven, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 # Exploit status is a static value recorded in the plugin metadata; nothing
 # in this script re-evaluates it at scan time.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # CWE-264: Permissions, Privileges, and Access Controls.
 script_cwe_id(264);

 script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/12");

 # Declared as a "local" plugin. NOTE(review): presumably this means the check
 # depends on credentialed access; the detection code reads file versions
 # through an SMB share.
 script_set_attribute(attribute:"plugin_type", value:"local");
 # The CPE names the Windows operating system as a whole, not IIS.
 # NOTE(review): asset matching on this CPE alone will presumably not narrow
 # results to hosts that actually run IIS.
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Information-gathering category: the detection code only reads data from the
 # host and writes entries to the scanner's knowledge base.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two named plugins are declared as dependencies, and the
 # knowledge-base key "SMB/MS_Bulletin_Checks/Possible" must be present.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 # Lists the two SMB ports and the patch-management KB key.
 # NOTE(review): presumably any one of the three is sufficient; confirm
 # against the engine's documentation.
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Detection logic for MS08-005 / KB942831: compares the version of infocomm.dll
# under \system32\inetsrv against a per-OS threshold and reports the bulletin as
# missing when any comparison flags the host.
#
# NOTE(review): this is a file-version check only. It cannot see compensating
# controls such as stopped services or tightened folder ACLs, so a host that
# applied only a workaround would presumably still be reported.

# Stop early unless the knowledge base says bulletin checks are possible.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS08-005';
kb = '942831';

kbs = make_list(kb);
# When patch-management data is present, pass the bulletin and KB list to the
# third-party helper with a "warning" severity.
# NOTE(review): whether that helper returns or ends the script is defined in
# the include files, not here.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# The remaining path needs registry enumeration results and a known Windows
# version; a missing Windows version exits with code 1.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Scope gates: only the listed OS / service-pack combinations are examined, and
# only when IIS is reported as installed. Anything else is audited as out of
# scope rather than as patched.
# NOTE(review): audit() presumably terminates the script, since the code after
# each guard assumes the guard passed.
if (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1,2', vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_iis_installed() <= 0) audit(AUDIT_NOT_INST, "IIS");

# Resolve the system root; without it the file paths below cannot be built.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# Map the system root to a share and require that the share is reachable.
# NOTE(review): presumably an administrative share, which would make this a
# credentialed check; a failure here is an audit result, not a "not vulnerable"
# verdict.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# One comparison per OS version / service pack, all against infocomm.dll.
# NOTE(review): `version` is presumably the first fixed build, with older files
# flagged; the helper's exact semantics live in the include files.
# The first os:"6.0" entry also sets min_version, so it applies only to files
# at or above 7.0.6000.20000; the second os:"6.0" entry has no lower bound.
# The os:"5.0" entry passes no `sp` argument.
# The `||` chain short-circuits, so later comparisons are skipped once one
# entry flags the host.
if (
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"infocomm.dll", version:"7.0.6000.20698", min_version:"7.0.6000.20000", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"infocomm.dll", version:"7.0.6000.16576", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.2", sp:2, file:"infocomm.dll", version:"6.0.3790.4215", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"infocomm.dll", version:"6.0.3790.3068", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.1", sp:2, file:"infocomm.dll", version:"6.0.2600.3290", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.0", file:"infocomm.dll", version:"5.0.2195.7147", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb)
)
{
  # Record the missing bulletin in the knowledge base under
  # "SMB/Missing/MS08-005", then emit the finding at warning severity.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  # Called on both outcomes. NOTE(review): presumably releases the file-check
  # session opened by the helpers.
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  # No comparison flagged the host: audit it as not affected.
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2011-11-14T04:00:29.721-05:00
classvulnerability
contributors
  • nameJeff Ito
    organizationSecure Elements, Inc.
  • nameChandan S
    organizationSecPod Technologies
definition_extensions
  • commentMicrosoft Windows 2000 SP4 or later is installed
    ovaloval:org.mitre.oval:def:229
  • commentMicrosoft IIS 5.0 is installed
    ovaloval:org.mitre.oval:def:731
  • commentMicrosoft Windows XP SP2 or later is installed
    ovaloval:org.mitre.oval:def:521
  • commentMicrosoft IIS 5.1 is installed
    ovaloval:org.mitre.oval:def:460
  • commentMicrosoft IIS 6.0 is installed
    ovaloval:org.mitre.oval:def:227
  • commentMicrosoft Windows XP Professional x64 Edition SP1 is installed
    ovaloval:org.mitre.oval:def:720
  • commentMicrosoft Windows Server 2003 SP1 (x86) is installed
    ovaloval:org.mitre.oval:def:565
  • commentMicrosoft Windows Server 2003 SP1 (x64) is installed
    ovaloval:org.mitre.oval:def:4386
  • commentMicrosoft Windows Server 2003 SP1 for Itanium is installed
    ovaloval:org.mitre.oval:def:1205
  • commentMicrosoft Windows XP x64 Edition SP2 is installed
    ovaloval:org.mitre.oval:def:4193
  • commentMicrosoft Windows Server 2003 SP2 (x86) is installed
    ovaloval:org.mitre.oval:def:1935
  • commentMicrosoft Windows Server 2003 SP2 (x64) is installed
    ovaloval:org.mitre.oval:def:2161
  • commentMicrosoft Windows Server 2003 (ia64) SP2 is installed
    ovaloval:org.mitre.oval:def:1442
  • commentMicrosoft IIS 7.0 is installed
    ovaloval:org.mitre.oval:def:5377
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
descriptionUnspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFile\Root, or WWWRoot folders.
familywindows
idoval:org.mitre.oval:def:5389
statusaccepted
submitted2008-02-14T10:00:19
titleInternet Information Services Local Privilege Elevation Vulnerability
version38

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 27101 CVE(CAN) ID: CVE-2008-0074 Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS处理FTPRoot、NNTPFile\Root和WWWRoot文件夹中文件变化通知的方式存在本地权限提升漏洞,成功利用这个漏洞的攻击者可以在本地系统安全环境中执行任意指令。 Microsoft IIS 7.0 Microsoft IIS 6.0 Microsoft IIS 5.1 Microsoft IIS 5.0 临时解决方法: * 在Windows Server 2003上停止FTP和NNTP服务: net stop msftpsvc net stop nntpsvc * 对于用于执行用户控制ASP页面的帐号,拒绝对NNTP root、FTP root和WWW root文件夹的写访问: cacls c:\inetpub\ftproot /E /P IUSR_WS2003ENTSP1:R cacls c:\inetpub\ftproot /E /P USERS:R cacls c:\inetpub\nntpfile\root /E /P "ANONYMOUS LOGON":R cacls c:\inetpub\nntpfile\root /E /P EVERYONE:R 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-005)以及相应补丁: MS08-005:Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) 链接:http://www.microsoft.com/technet/security/Bulletin/MS08-005.mspx?pf=true
idSSV:2902
last seen2017-11-19
modified2008-02-20
published2008-02-20
reporterRoot
titleMicrosoft IIS文件更改通知本地权限提升漏洞(MS08-005)