M$ IIS 3.0 newdsn.exe problem

Summary
Description: newdsn.exe under MS IIS 3.0 allows creation of arbitrary files (just names, not contents) in the wwwroot directory tree
Author: Vytis Fedaravicius <vytix@FLOYD.KTU.LT>
Compromise: create bogus files on webservers; it isn't clear if you can overwrite files. A DoS attack at minimum
Vulnerable Systems: Those running Micro$oft IIS v.3.0 with newdsn.exe installed. This includes a number of WinNT machines.
Date: 25 September 1997
Details


Date: Thu, 25 Sep 1997 16:15:14 +0300
From: Vytis Fedaravicius <vytix@FLOYD.KTU.LT>
To: NTBUGTRAQ@NTADVICE.COM
Subject: samples from IIS allows creation of any file

Hello,
while playing with default installation of Microsoft IIS, I have
discovered that tool for data source creation, newdsn.exe allows creation
of *.mdb files with any name at any location. E.g. URL
http://vulnerable.site.com/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Evil+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB&attr=

will create file evil.html in wwwroot directory.
evil.html in fact is a Microsoft Access Database.
I am sure someone nasty can think of a DOS or even breaking in using this.

Software: MS IIS 3.0 default installation  on WinNT 4.0 server
Solution: delete newdsn.exe :)

Microsoft was not informed about that, if someone wants, please feel free
to forward this e-mail.

Vytis Fedaravicius
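
A log check for the request pattern described in the message above, added here as an example and not part of the original post: it finds every request to newdsn.exe and explains why the `dbq` value is suspicious. The log layout (date, time, client IP, method, URI stem, URI query, status) and the sample lines are constructed assumptions; adapt the field positions to your server's actual log format.

```python
from urllib.parse import parse_qs

# Constructed sample log lines. Assumed field layout:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
1997-09-25 16:20:01 192.0.2.10 GET /scripts/tools/newdsn.exe driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Evil+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB&attr= 200
1997-09-25 16:21:40 192.0.2.11 GET /scripts/tools/newdsn.exe driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=orders&dbq=orders.mdb&newdb=CREATE_DB&attr= 200
1997-09-25 16:22:05 192.0.2.12 GET /default.htm - 200
"""


def classify_dbq(dbq):
    """Return the reasons a decoded dbq value is suspicious (empty list if none)."""
    reasons = []
    norm = dbq.replace("/", "\\")  # treat both separators alike
    if ".." in norm.split("\\"):
        reasons.append("parent-directory traversal")
    if norm.startswith("\\") or (len(norm) > 1 and norm[1] == ":"):
        reasons.append("absolute path")
    if not norm.lower().endswith(".mdb"):
        reasons.append("extension is not .mdb")
    return reasons


def scan(log_text):
    """Return (client_ip, dbq, reasons) for every newdsn.exe request in the log."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # not in the assumed layout
        _, _, ip, _, stem, query, _ = fields
        if not stem.lower().endswith("/newdsn.exe"):
            continue
        # parse_qs percent-decodes values, so %2F becomes "/" before the checks run
        params = parse_qs(query, keep_blank_values=True)
        for dbq in params.get("dbq", [""]):
            findings.append((ip, dbq, classify_dbq(dbq)))
    return findings


if __name__ == "__main__":
    for ip, dbq, reasons in scan(SAMPLE_LOG):
        print(ip, repr(dbq), "; ".join(reasons) or "no path anomaly (tool still exposed)")
```

Any hit, even one with no path anomaly, shows that newdsn.exe is still reachable, which the stated solution (deleting it) removes.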

This page is part of Fyodor's exploit world.