[10863] in bugtraq
Re: Microsoft Peer Web Services vulnerability
daemon@ATHENA.MIT.EDU (Scott Culp)
Fri Jun 18 16:50:21 1999
Message-Id: <FFD1BA74C6A7D111A09500805F9F88F50F899C4F@RED-MSG-43>
Date: Fri, 18 Jun 1999 12:51:40 -0700
Reply-To: Scott Culp <scottcu@MICROSOFT.COM>
From: Scott Culp <scottcu@MICROSOFT.COM>
X-To: "Colette.Chamberland@MAIL.STATE.KY.US"
<Colette.Chamberland@MAIL.STATE.KY.US>
To: BUGTRAQ@NETSPACE.ORG
Colette,
Microsoft Peer Web Services is IIS 4.0. It's affected by the vulnerability,
and covered by the patch. Cheers,
Scott
-----Original Message-----
From: Colette.Chamberland@MAIL.STATE.KY.US
[mailto:Colette.Chamberland@MAIL.STATE.KY.US]
Sent: Thursday, June 17, 1999 11:36 AM
To: BUGTRAQ@NETSPACE.ORG
Subject: Microsoft Peer Web Services vulnerability
ADVISORY
6/17/1999
This advisory is for those that run "Microsoft Peer Web Services" in
addition to the
advisory for Microsoft's IIS 4. It also limits Web-based administration to
the loopback address
(127.0.0.1) by default. It also has the ism.dll in the /scripts/iisadmin
directory,
which allows users / attackers to access the ISAPI application used for
remote
web-based administration from an non-loopback IP address.
NOTE: An attacker can simply do a search on Alta Vista for "Microsoft Peer
Web Services".
They then get a complete list of NT Workstations running this service. All
they need to do,
is append the following to the End of the url:
/scripts/iisadmin/ism.dll?http/dir.
The user will then be prompted for a UserID and password and if successful
authentication takes place they are given access to sensitive server
information. It provides an attacker with a means to brute
force / guess the Administrators password and if successful an enormous
amount of reconnaissance work can be achieved through the application's use.
Colette Chamberland
http://www.mc2.nu
