VID 22034
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The IIS 5.0 web server has the .printer ISAPI extension mapped.
The IIS (Internet Information Server) 5.0 Web Server supports the Internet Printing Protocol (IPP), which is enabled in a default install. The protocol is implemented in IIS 5.0 as an ISAPI extension. At least one security problem (a buffer overflow) has been found in that extension in the past, so we recommend that you disable it if you do not use this functionality.

A buffer overflow reported recently in the Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain administrator privileges via a long print request that is passed to the extension through IIS 5.0. This is a very serious vulnerability, and we strongly recommend that all IIS 5.0 administrators install the patch immediately. See the following site for more details about the buffer overflow:
http://www.eeye.com/html/Research/Advisories/AD20010501.html

* Note: To remain safe, this check only tests whether the IIS 5.0 .printer ISAPI filter is applied. If you want to perform the real buffer overflow test, enable the "www/IIS5/ipp_bof/real" item under "Denial of Service Attacks" in the Policy Editor and then run the scan.

* Platforms Affected:
Microsoft IIS 5.0
Windows 2000 Any version

* References:
http://www.securityfocus.com/bid/2674
http://www.iss.net/security_center/static/6485.php
Recommendation If it's not needed, unmap the Internet Printing ISAPI (.printer) extension in the Internet Services Manager.

To unmap the Internet Printing ISAPI extension:
1. Open Internet Services Manager.
2. Right-click the Web server, and choose Properties from the context menu.
3. Go to Master Properties.
4. Select WWW Service | Edit | Home Directory | Configuration, and remove the reference to .printer from the list.

-- OR --

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS01-023, http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Related URL CVE-2001-0241 (CVE)