Thanks Andrew Hodes for the email. Microsoft Content Management Server (MCMS) 2001 is a .Net Enterprise Server product that simplifies developing and managing e-business web sites. Microsoft has learned of three security vulnerabilities affecting it:
Download: Patch for Microsoft Content Management Server 2001
View: Microsoft Security Bulletin ID MS02-041
- A buffer overrun in a low-level function that performs user authentication. At least one web page included with MCMS 2001 passes inputs directly to the function, thereby potentially providing a way for an attacker to overrun the buffer. The result of exploiting the vulnerability would be to either cause MCMS to fail, or run code in the context of the MCMS service (which runs as Local System).
- A vulnerability resulting from the confluence of two flaws affecting a function that allows files to be uploaded to the server. The first flaw lies in how the function authenticates requests, and would allow any user to submit an upload request. The second results because it is possible to override the upload location; where the function should upload files to a folder that only privileged users can access, it can be overridden to upload it to a temporary folder that does allow unprivileged users to call it. By exploiting the two flaws in tandem, an attacker could upload an .ASP or other file to the server, in a location from which it could be executed.
- A SQL injection vulnerability affecting a function that services requests for image files and other resources. Exploiting the vulnerability could enable an attacker to run SQL commands on the server, which would not only allow data in the MCMS database to be added, changed or deleted, but also would enable the attacker to run operating system commands on the server.
Download: Patch for Microsoft Content Management Server 2001 View: Microsoft Security Bulletin ID MS02-041
Title: Unchecked Buffer in Content Management Server Could Enable Server Compromise (Q326075)
Date: 07 August 2002
Software: Microsoft Content Management Server
Impact: Three vulnerabilities, the most serious of which could enable an attacker to run code of an attackers choice.
Max Risk: Critical
Bulletin: MS02-041
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.