Information Security News mailing list archives
MS Server Attack Tool Unleashed
From: William Knowles <wk () C4I ORG>
Date: Thu, 17 Aug 2000 04:12:58 -0500
http://www.wired.com/news/technology/0,1282,38259,00.html

by Michelle Delio
10:00 a.m. Aug. 16, 2000 PDT

A newly released automated Web-based tool can scan Microsoft's Internet Information Server (IIS) for multiple reported IIS vulnerabilities, according to iDEFENSE Intelligence Services.

This Web tool can be used to scan unsuspecting systems to identify vulnerabilities prior to an attack. Then, through the successful exploitation of the discovered vulnerabilities, an attacker could gain access to source code possibly containing user names and passwords, locations of MS Access MDB files, or other sensitive information.

Using the automated Web tool, Security Namodro, a Czech Republic security firm, reported being able to penetrate dozens of systems and obtain information ranging from email addresses to usernames and passwords.

Access to this tool is now publicly available on its website hosted in the Czech Republic, purportedly so that Web administrators can test their own sites.

Due to the now-public release of the tool, coupled with the short length of time some of the Microsoft patches have been available, iDEFENSE Intelligence Services is predicting an increase of attacks against systems operating IIS.

Sammy Migues, iDEFENSE's chief scientist, says that the Czech Web page serves as an example of how easy it is to automate some attacks on websites.

"There are several other examples of freely downloadable tools that scan websites for dozens of software and configuration vulnerabilities," Migues said. "Having such a tool on a Web page like this, however, allows people who are too scared to run tools from their own IP address to 'test' sites from this Web server."

The original posting about the website was made to the NTBugtraq discussion list, Migues says.

The vulnerabilities the automated tool tests for are not new, but the poster (whose name is being withheld) said that an "informal test" done by his security team showed that many IIS websites were vulnerable to these bugs.

Migues feels that in the short term, there may be an upswing in attacks on IIS servers.

"In reality, however, these particular attacks are simply URLs that anyone can type in from any Web browser anywhere, and so people are actively trying to exploit these holes all the time anyway."

Migues hopes the publicity will inspire organizations to patch their servers.

Service Pack 1 for Windows 2000 contains fixes for these vulnerabilities in IIS 4.0 and 5.0 along with patches for several unrelated vulnerabilities.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".