Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1024 |
| Message | WEB-IIS newdsn.exe access |
| Summary | This event is generated when an attempt is made to access the newdsn.exe file, which is a sample program installed with Internet Information Server (IIS) 3.0. |
| Impact | File creation. This attack can allow the creation of a new Microsoft Access Database (.mdb) file on the vulnerable server. |
| Detailed Information | IIS 3.0 comes with a sample program newdsn.exe. An attacker can craft a URL to reference this executable and, as a parameter, pass the name of a new file to be created. The file may have any extension, but will be considered a Microsoft Access Database file. |
| Affected Systems | IIS 3.0 servers |
| Attack Scenarios | An attacker can craft a URL to execute the vulnerable newdsn.exe and create a Microsoft Access Database file on the vulnerable server. |
| Ease of Attack | Simple. |
| Corrective Action | Delete the newdsn.exe file. Upgrade to a more current version of IIS. |
| Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0191 |
| Rule References | bugtraq: 1818 cve: 1999-0191 nessus: 10360 |
--
DID:435869
--
http://www.aanval.com/