ASP: The latest ASP, IIS security vulnerabilities

As ASP has quickly become popular on websites around the world for being flexible, simple, practical, and powerful, some of its defects and vulnerabilities have also come to threaten every website developer. Having previously introduced some IIS system vulnerabilities and ASP security issues, this installment covers the latest ASP and IIS security vulnerabilities in detail. All ASP website developers should pay close attention and stay vigilant.

At the beginning of this month, Microsoft was once again accused of neglecting the security of its web server software. There is a defect known as the "malformed HTR request" in Microsoft's popular product IIS Server 4.0. According to Microsoft, this defect can, in a particular case, cause arbitrary code to run on the server side. But Firas Bushnaq, CEO of eEye, the Internet security company that discovered the vulnerability, said that this is just the tip of the iceberg. Bushnaq said Microsoft concealed some facts, such as that hackers can use this vulnerability to completely control the IIS server, and many e-commerce sites are based on this system.

The following is detailed information on the IIS system vulnerability:

IIS's latest security vulnerability

Affected systems:
Internet Information Server 4.0 (IIS4)
Microsoft Windows NT 4.0 SP3 Option Pack 4
Microsoft Windows NT 4.0 SP4 Option Pack 4
Microsoft Windows NT 4.0 SP5 Option Pack 4

Date: 6.8.1999

Microsoft has confirmed this vulnerability, but no patch is currently available.

Microsoft Security Bulletin (MS99-019):
Topic: "Malformed HTR Request" Vulnerability
Published: 6.15.1999

Abstract: Microsoft has confirmed a serious system vulnerability in its released web server product Internet Information Server 4.0. The vulnerability allows a denial-of-service attack against the IIS server and, in some cases, may allow arbitrary binary code to run on the server.
A patch for this vulnerability will be released in the near future; all IIS users should watch for it closely.

Vulnerability introduction:

IIS supports multiple file types that require server-side processing, such as ASP, ASA, IDC, and HTR. When a web user requests such a file from the client, the corresponding DLL processes it automatically. However, there is a serious security vulnerability in ISM.DLL, the file responsible for handling HTR files. (Note: HTR files themselves are used to remotely manage user passwords.)

ISM.DLL contains an unchecked buffer, which poses two threats to the secure operation of the web server. The first is a denial-of-service attack: a malformed request for an .htr file causes a buffer overflow, which directly crashes IIS. When this happens, the server itself does not need to be rebooted, but the IIS web service must be restarted. The other threat is more of a headache: a carefully constructed file request can use a standard buffer overflow to make binary code run on the server side, and in that case anything is possible! The vulnerability does not involve the functionality that .htr files provide for managing user passwords.

Principle Analysis:

At least one IIS extension (for example, ASP, IDC, HTR) contains an overflow. We speculate that the overflow happens when IIS passes the full URL to the DLL that processes the extension. If the ISAPI DLL does not perform correct bounds checking, it causes inetinfo.exe to overflow, and a user can execute binary code remotely.
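The missing bounds check described above, as an added illustration in C. This is not code from ISM.DLL, Microsoft, or the original article; the function names, the 256-byte buffer and the sample URLs are assumptions constructed for this example. The unchecked handler shows the unsafe pattern, and the checked one measures the URL and rejects it before any copy takes place.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256  /* assumed size of the handler's fixed buffer */

enum htr_status { HTR_OK, HTR_BAD_REQUEST, HTR_URL_TOO_LONG };

/* Unsafe pattern: assumes the URL fits. Any URL longer than
 * NAME_BUF - 1 bytes is written past the end of name. */
static enum htr_status handle_unchecked(const char *url, char *name)
{
    strcpy(name, url);                 /* no size limit enforced */
    return HTR_OK;
}

/* Hardened form: measure first, then reject rather than overflow. */
static enum htr_status handle_checked(const char *url, char *name, size_t cap)
{
    size_t len;
    if (url == NULL || name == NULL || cap == 0)
        return HTR_BAD_REQUEST;
    len = strcspn(url, "?");           /* path only; query string excluded */
    if (len == 0 || url[0] != '/')
        return HTR_BAD_REQUEST;
    if (len >= cap)                    /* need len bytes plus the NUL */
        return HTR_URL_TOO_LONG;
    memcpy(name, url, len);
    name[len] = '\0';
    return HTR_OK;
}

/* Constructed input: "/" + n filler bytes + ".htr"; out needs n + 6 bytes. */
static void build_url(char *out, size_t n)
{
    out[0] = '/';
    memset(out + 1, 'A', n);
    strcpy(out + 1 + n, ".htr");
}

int main(void)
{
    char name[NAME_BUF], big[3072 + 6];
    build_url(big, 3072);              /* 3K of filler, the size the article cites */
    printf("short, unchecked: %d\n", handle_unchecked("/iisadmpwd/example.htr", name));
    printf("short, checked:   %d\n", handle_checked("/iisadmpwd/example.htr", name, sizeof name));
    printf("3K, checked:      %d\n", handle_checked(big, name, sizeof name));
    return 0;
}
```

The unchecked handler is only ever called here with a short URL; the 3K input goes to the checked handler alone, which returns HTR_URL_TOO_LONG without touching the buffer.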
Attack method:

Send an HTTP request to IIS: "GET /[overflow].htr HTTP/1.0", and IIS will crash. Here [overflow] can be 3K of code.

Many readers may not be very familiar with .htr files. In fact, IIS lets NT users change their passwords through the web directory /iisadmpwd/. This function is implemented by a set of .htr files and an ISAPI extension, ISM.DLL. When a complete URL is passed to ISM.DLL, no appropriate size limit is enforced, so an overflow occurs and the server crashes. The HTR/ISM.DLL ISAPI extension is installed by default with IIS4.

Solution:

Since Microsoft has not yet released a patch, we can only take some emergency precautions.

1. Remove the .htr extension from the list of ISAPI DLLs. On your NT desktop, click "Start" -> "Programs" -> "Windows NT 4.0 Option Pack" -> "Microsoft Internet Information Server" -> "Internet Service Manager"; double-click "Internet Information Server"; right-click the computer name and select "Properties"; select "WWW Service" in the "Main Properties" drop-down menu and click the "Edit" button; select the "Home Directory" tab and click the "Configure" button; select the .htr mapping in the Application Mapping list box, select Delete, and click OK.

2. Install the patch provided by Microsoft. Please watch the following URLs closely:
http://www.microsoft.com/security
http://www.microsoft.com/security/products/iis/checklist.asp

Some readers may not understand why I have used two major installments of this ASP series, 17 and 18, to focus on IIS and ASP security issues. If you are a web developer or ASP programmer, I think you will appreciate my intention.
We do network programming and develop interactive websites in order to build and grow our own sites, of course, but all of this rests on security: protecting the code of the ASP or other network applications we have developed, ensuring the safe operation of the website server, ensuring the security and authentication of user information, and so on. As e-commerce becomes a real business operation, its security has become key, and security matters all the more. Many of our friends are likewise ASP programmers, so being familiar with how the system operates, learning of system vulnerabilities promptly, and solving security problems at the first opportunity are very important and necessary. So at the end of this article, the author has put together some security suggestions for NT and IIS system configuration, hoping they will help everyone.

1. Use the latest version of Microsoft Internet Information Server 4.0 and install the latest Service Pack 5. The server's file system should be NTFS, not FAT.

2. Set the Sample, Scripts, Iisadmin, and MSADC web directories in IIS to disallow anonymous access and to restrict access by IP address. Until Microsoft provides a patch, remove the application mapping for ISM.DLL.

3. If conditions permit, use a firewall. The simplest arrangement is to expose the web service at the front and keep the directories at the back; if you can dedicate one machine to each service, that is of course best.

4. Important directories such as the CGI directory, the Scripts directory, and the WINNT directory should be given detailed security permissions with NTFS. The WINNT directory, which contains registry information, should allow full control only to administrators, with ordinary users given read-only permission.