===================================================================== CERT-Renater Note d'Information No. 2009/VULN231 _____________________________________________________________________ DATE : 10/06/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows 2000, Windows XP Professional, Windows Server 2003 running Microsoft IIS. ====================================================================== KB970483 http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx ______________________________________________________________________ Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. This security update is rated Important for Microsoft Internet Information Services on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerabilities by modifying the way that the WebDAV extension for IIS handles HTTP requests. Affected Software Microsoft Internet Information Services 5.0 on Microsoft Windows 2000 Service Pack 4 Microsoft Internet Information Services 5.1 on Windows XP Professional Service Pack 2 and Windows XP Professional Service Pack 3 Microsoft Internet Information Services 6.0 on Windows XP Professional x64 Edition Service Pack 2 Microsoft Internet Information Services 6.0 on Windows Server 2003 Service Pack 2 Microsoft Internet Information Services 6.0 on Windows Server 2003 x64 Edition Service Pack 2 Microsoft Internet Information Services 6.0 on Windows Server 2003 with SP2 for Itanium-based Systems Vulnerability Information IIS 5.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1122 An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require authentication. IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1535 An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================