The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

4.  RDS Security hole in Microsoft Internet Information Server (IIS)

Microsoft IIS server is a free add-on for Windows NT Server 4.0 that allows NT to act as a web server. 

Effected Versions:  Microsoft Windows NT 4.0 with Internet Information Server (IIS) installed.

CVE Entry: CVE-1999-1011

Details: Internet Information Server (IIS) 4.0, by default, installs MDAC 1.5. This includes RDS, which allows for remote access to ODBC components over the web, through one particular .DLL located at /msadc/msadcs.dll.  Using a widely available exploit in the form of a PERL script attackers can launch arbitrary commands remotely.

Reccomendations: If RDS functionality is not required it is strongly recommended that RDS functionality is completely removed from systems exposed to the Internet.  A complete guide to the RDS vulnerability can be found at http://www.wiretrip.net/rfp/p/doc.asp?id=29&iface=2. As with any server running web services is it also recommended to remove any sample files installed.

Additional Information:

http://support.microsoft.com/support/kb/articles/q184/3/75.asp

http://www.microsoft.com/technet/security/bulletin/ms98-04.asp

http://www.microsoft.com/technet/security/bulletin/ms99-025.asp

http://www.sans.org/topten.htm

 

 



Contact: info@razor.bindview.com | | Bindview Home