ID

VAR-200906-0272

CVE

CVE-2009-1535

TITLE

Microsoft IIS WebDAV Remote Authentication Bypass

DESCRIPTION

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders. An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks. This issue affects IIS 5.0, 5.1, and 6.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-160A Microsoft Updates for Multiple Vulnerabilities Original release date: June 09, 2009 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office * Microsoft Internet Explorer Overview Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer. I. Description As part of the Microsoft Security Bulletin Summary for June 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, and Internet Explorer. II. Impact A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash. III. Solution Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for June 2009 - <http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> * US-CERT Vulnerability Notes for Microsoft June 2009 updates - <http://www.kb.cert.org/vuls/byid?searchview&query=ms09-jun> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-160A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-160A Feedback VU#983731" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History June 09, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSi7EY3IHljM+H4irAQKpUwgAqcYG1SVf4dPt7wevUx9UIKyw/RWG/wCI +ns9UEmk4Pbdu8Tj+snDsNxxOnvdUGnWzfbuBFrzexr+u3zY0BgvBQ50eaYnYyVn Iv9yxxxKfdvQEQIiPi/5gWl05k4axYdSjEYLZqNkQIj1VvqJOhCWaHKPsJZykdZq ZZLd8aFxxM7fj0RrKeorXGiApw45kP9a133EN7NRf8CvYsNKnUTMYVPC2bTaq0Jb HCjjEOwBWaP6YjqQ1laVslCHzOVpFzQnkl+IKBsoDAu1397KjwobIR340YyW6K4g ckdod5TwdG77KOcNZHAp+uQMffGOaCfqj/MFk7qEYxN7/0gJXuB8mQ== =9e4w -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. The vulnerability is caused due to an error when handling WebDAV requests for directories requiring authentication. This can be exploited to bypass access restrictions and e.g. download files from protected folders by issuing an HTTP GET request containing Unicode characters and a "Translate: f" HTTP header. Successful exploitation may allow uploading arbitrary files to protected WebDAV folders. The vulnerability is confirmed in Microsoft IIS 5.1 on a fully patched Windows XP SP3 and reported in version 6.0. Other versions may also be affected. SOLUTION: Do not store sensitive files inside the webroot. Disable WebDAV support. PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos (Kingcope) ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

authorization issue

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Kingcope※ kingcope@gmx.net

SOURCES

LAST UPDATE DATE

2024-11-23T20:13:05.437000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE