Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise New

A buffer overrun exists in the Index Server which when used with Microsoft IIS could enable to malicious user to run code in the context of the system.

Issue

As part of its installation process, IIS installs several ISAPI extensions -- .dlls that provide extended functionality. Among these is idq.dll, which is a component of Index Server (known in Windows 2000 as Indexing Service) and provides support for administrative scripts (.ida files) and Internet Data Queries (.idq files).

A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability.

Affected Products

• Microsoft Index Server 2.0 & Indexing Service in Windows 2000

Solution

A software patch is available from the following locations:

• Windows NT 4.0
• Windows 2000 Servers

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: June 18, 2001

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<