
Multiple Microsoft Content Management Server 2001 Vulnerabilities

by Nikola Strahija on August 10th, 2002

Microsoft has reported three vulnerabilities in Microsoft Content Management Server (MCMS) 2001. Microsoft Content Management Server 2001 is a .NET Enterprise Server product for development and management of e-business websites.


The first issue is reported to be a buffer overflow condition in a low-level function that facilitates user-authentication. At least one webpage that ships with the product contains an exposure to the vulnerable function, and may allow attackers to exploit the condition. This may be exploited by a remote attacker to execute arbitrary instructions in the Local System context or potentially create a denial of service condition. Malformed authentication information may trigger this condition in a webpage which provides authentication and calls the vulnerable function.

The second issue is reported to be the result of two flaws in a particular function (MCMS Authoring) and may potentially allow remote attackers to upload files to arbitrary locations on a vulnerable system. The first flaw is in the user authentication aspect of the vulnerable function, and may allow arbitrary users to submit upload requests to the server. Additionally, a flaw exists which may allow files to be uploaded to an arbitrary location. Normally, uploaded files are stored in a directory without execute permissions. However, the existence of this second flaw in the affected function may allow for files to be uploaded to an attacker-specified location, where they will reside for a short period of time. This may allow for execution of arbitrary attacker-supplied files. Successful exploitation would cause the file to be executed in the context of the Web Application Manager.
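The second issue combines a missing authorization check with a caller-controlled destination. The Python sketch below is an added illustration, not code from Microsoft, MCMS or the original article; it shows an upload handler that enforces both checks on the server side. The session fields, the "author" role and all function names are assumptions made for the example.

```python
import os

class UploadRejected(Exception):
    """Raised when an upload request fails a server-side check."""

def resolve_upload_path(upload_root, client_name):
    """Map a client-supplied file name to a path directly inside upload_root."""
    # Reject anything that is not a bare file name: path separators (both
    # styles, since Windows accepts either), drive letters and NUL bytes.
    if any(ch in client_name for ch in ("/", "\\", ":", "\x00")):
        raise UploadRejected("file name must not contain path components")
    if client_name in ("", ".", ".."):
        raise UploadRejected("invalid file name")
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, client_name))
    # Defence in depth: after resolving symlinks the path must still be
    # under the upload root, which is served without execute permissions.
    if os.path.commonpath([root, target]) != root:
        raise UploadRejected("destination escapes upload directory")
    return target

def handle_upload(session, client_name, data, upload_root):
    """Store an upload only for an authorized author, only in upload_root."""
    # Check 1: authorization is verified before any byte reaches the disk.
    if (not session or not session.get("authenticated")
            or session.get("role") != "author"):  # hypothetical role name
        raise UploadRejected("not authorized to upload")
    # Check 2: the server, not the request, chooses the directory.
    target = resolve_upload_path(upload_root, client_name)
    # Mode "xb" fails instead of overwriting an existing file.
    with open(target, "xb") as fh:
        fh.write(data)
    return target
```

Because the rejected request never produces a file, there is no window in which an upload sits in an executable location, even temporarily.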

The third issue is reported to be an SQL injection vulnerability in the MCMS Resource Request function. This function is used to handle requests for image files and other types of resources on the server. This issue could effectively be exploited to execute commands in the context of the SQL Server 2000 service, which amounts to the privileges of the Domain user.

Remote: Yes
Exploit: No
Solution: Microsoft has issued a patch for these issues:




Microsoft Content Management Server 2001 SP1:

Microsoft Patch mcms2001srp1.exe
http://download.microsoft.com/download/contentmanagementser/SP/1.0/NT5/EN-US/mcms2001srp1.exe

