Sign-up

ID

VAR-200106-0035


CVE

CVE-2001-0241


TITLE

Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)

Trust: 0.8

sources: CERT/CC: VU#516648

DESCRIPTION

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host

Trust: 4.77

sources: NVD: CVE-2001-0241 // CERT/CC: VU#516648 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // JVNDB: JVNDB-2001-000061 // BID: 2599

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 2.4

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:advanced server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:datacenter server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:professional (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.6

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // BID: 2599 // JVNDB: JVNDB-2001-000061 // CNNVD: CNNVD-200106-123 // NVD: CVE-2001-0241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0241
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#516648
value: 54.00

Trust: 0.8

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#642760
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#555464
value: 4.25

Trust: 0.8

NVD: CVE-2001-0241
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200106-123
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2001-0241
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#516648 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // JVNDB: JVNDB-2001-000061 // CNNVD: CNNVD-200106-123 // NVD: CVE-2001-0241

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000061

PATCH
title:MS01-023url:http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx
Trust: 0.8
title:MS01-023url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-023.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000061

EXTERNAL IDS
db:BIDid:2674
Trust: 3.2
db:NVDid:CVE-2001-0241
Trust: 2.4
db:CERT/CCid:VU#516648
Trust: 1.6
db:OSVDBid:3323
Trust: 1.6
db:BIDid:2599
Trust: 1.1
db:XFid:6347
Trust: 0.8
db:BIDid:2565
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:BIDid:2598
Trust: 0.8
db:XFid:6351
Trust: 0.8
db:CERT/CCid:VU#642760
Trust: 0.8
db:XFid:6350
Trust: 0.8
db:CERT/CCid:VU#555464
Trust: 0.8
db:JVNDBid:JVNDB-2001-000061
Trust: 0.8
db:MSid:MS01-023
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:1068
Trust: 0.6
db:CERT/CCid:CA-2001-10
Trust: 0.6
db:BUGTRAQid:20010501 WINDOWS 2000 IIS 5.0 REMOTE BUFFER OVERFLOW VULNERABILITY (REMOTE SYSTEM LEVEL ACCESS)
Trust: 0.6
db:XFid:6485
Trust: 0.6
db:CNNVDid:CNNVD-200106-123
Trust: 0.6
sources:
            
            
            CERT/CC: VU#516648 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            BID: 2599 // 
            
            
            
            JVNDB: JVNDB-2001-000061 // 
            
            
            
            CNNVD: CNNVD-200106-123 // 
            
            
            
            NVD: CVE-2001-0241

REFERENCES
url:http://www.securityfocus.com/bid/2674
Trust: 3.2
url:http://www.securityfocus.com/advisories/3208
Trust: 2.4
url:http://www.cert.org/advisories/ca-2001-10.html
Trust: 2.4
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 1.6
url:http://www.osvdb.org/3323
Trust: 1.6
url:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Trust: 1.4
url:http://marc.info/?l=bugtraq&m=98874912915948&w=2
Trust: 1.0
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6485
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1068
Trust: 1.0
url:http://www.eeye.com/html/research/advisories/ad20010501.html
Trust: 0.8
url:http://www.microsoft.com/technet/security/iis5chk.asp
Trust: 0.8
url:http://www.microsoft.com/technet/security/tools.asp
Trust: 0.8
url:http://www.microsoft.com/downloads/release.asp?releaseid=29321
Trust: 0.8
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2598
Trust: 0.8
url:http://xforce.iss.net/static/6351.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2599
Trust: 0.8
url:http://xforce.iss.net/static/6350.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0241
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0241
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/516648
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Trust: 0.6
url:http://xforce.iss.net/static/6485.php
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1068
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#516648 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            BID: 2599 // 
            
            
            
            JVNDB: JVNDB-2001-000061 // 
            
            
            
            CNNVD: CNNVD-200106-123 // 
            
            
            
            NVD: CVE-2001-0241

CREDITS
Riley Hassell※ riley@eeye.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200106-123

SOURCES
db:CERT/CCid:VU#516648
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#642760
db:CERT/CCid:VU#555464
db:BIDid:2599
db:JVNDBid:JVNDB-2001-000061
db:CNNVDid:CNNVD-200106-123
db:NVDid:CVE-2001-0241

LAST UPDATE DATE
2024-09-15T21:32:04.005000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#516648date:2001-06-26T00:00:00
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#642760date:2001-07-17T00:00:00
db:CERT/CCid:VU#555464date:2001-07-17T00:00:00
db:BIDid:2599date:2001-04-11T00:00:00
db:JVNDBid:JVNDB-2001-000061date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-123date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0241date:2019-04-30T14:27:13.710

SOURCES RELEASE DATE
db:CERT/CCid:VU#516648date:2001-05-02T00:00:00
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#642760date:2001-07-12T00:00:00
db:CERT/CCid:VU#555464date:2001-07-12T00:00:00
db:BIDid:2599date:2001-04-11T00:00:00
db:JVNDBid:JVNDB-2001-000061date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-123date:2001-05-01T00:00:00
db:NVDid:CVE-2001-0241date:2001-06-27T04:00:00