VID 22191
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The FrontPage Server Extensions are set with improper permissions.
The FrontPage Server Extensions are installed along with Internet Information Server (IIS) by default. They let web administrators and authors author web pages and manage web sites directly using a FrontPage client program (such as FrontPage 2000). Three files, "shtml.dll", "_vti_adm\admin.dll", and "_vti_aut\author.dll", exist in the "_vti_bin" directory of a web server with FrontPage Server Extensions. The "admin.dll" and "author.dll" extension files must be restricted to the authorized users (administrators and authors) who are allowed to access them. However, due to improper permission settings on the FrontPage Extensions, anonymous users can access the web pages directly by using a FrontPage client program (FP2000, etc.) without authenticating with an ID and password. As a result, a remote attacker can perform malicious actions such as deleting and authoring web pages directly, which leads to defacement of the web site.

* References:
http://www.ciac.org/ciac/bulletins/k-048.shtml
http://www.securityspace.com/smysecure/catid.html?id=11455
http://www.securityfocus.com/archive/88/63585

* Platforms Affected:
Microsoft FrontPage server extension any version
Recommendation Change the permissions of the FrontPage Server Extensions correctly. Block anonymous access and allow only authorized users to access them with an ID and password.

1. Open the IIS management console.
2. Select the /_vti_aut/author.dll and /_vti_adm/admin.dll files in the "_vti_bin" directory of the default web site.
3. Open the "Properties" of these files.
4. Select the "File Security" tab and click the "Edit" button under "Anonymous access and authentication control".
5. Clear the "Allow anonymous access" check box.
6. Add new users using the "Server Extensions Administrator" of the default web site.
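A post-remediation check for the steps above, written as an added example for this entry rather than anything the scanner vendor ships. After removing anonymous access, an administrator can run it against their own web site to confirm that the two extension DLLs named in the description now demand credentials. It assumes (not stated on the page) that IIS answers an unauthenticated GET with 401 once the "Allow anonymous access" box is cleared, with 200 while anonymous access is still allowed, and with 404 when the FrontPage Server Extensions are not installed; the `fetch` parameter is a hypothetical injection point so the verdict logic can be exercised with constructed responses and no network.

```python
"""Verify that FrontPage Server Extensions DLLs no longer accept anonymous requests.

Added example for the advisory text; not part of the original entry.
"""
import sys
import urllib.error
import urllib.request

# Paths named in the entry: author.dll and admin.dll under "_vti_bin".
FPSE_PATHS = (
    "/_vti_bin/_vti_aut/author.dll",
    "/_vti_bin/_vti_adm/admin.dll",
)


def classify(status):
    """Map the HTTP status of an unauthenticated GET to a verdict (assumed mapping).

    401 -> the server now asks for an ID and password (recommendation applied)
    200 -> the DLL is served without credentials (anonymous access still allowed)
    403 -> access refused outright
    404 -> the extension is not present on this site
    """
    if status == 401:
        return "restricted"
    if status == 200:
        return "anonymous-allowed"
    if status == 403:
        return "forbidden"
    if status == 404:
        return "not-installed"
    return "unknown"


def fetch_status(base_url, path, timeout=10):
    """Send one unauthenticated GET and return the HTTP status (None if unreachable)."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code          # 401/403/404 arrive here as exceptions
    except urllib.error.URLError:
        return None


def check_server(base_url, fetch=fetch_status):
    """Return {path: verdict} for both FPSE DLLs; `fetch` is injectable for tests."""
    return {path: classify(fetch(base_url, path)) for path in FPSE_PATHS}


def is_remediated(results):
    """True only when neither DLL can be reached anonymously."""
    good = ("restricted", "forbidden", "not-installed")
    return all(verdict in good for verdict in results.values())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost"
    results = check_server(target)
    for path, verdict in results.items():
        print(f"{path}: {verdict}")
    print("remediated" if is_remediated(results) else "anonymous access still allowed")
```

A verdict of "unknown" (for example a 500 or an unreachable host) is deliberately not counted as remediated; the check should be rerun rather than read as a pass.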
Related URL (CVE)
Related URL (SecurityFocus)
Related URL 3682 (ISS)