File: 100000106.txt

package info (click to toggle)
snort 2.9.15.1-5
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 59,656 kB
  • sloc: ansic: 310,441; sh: 13,260; makefile: 2,943; yacc: 497; perl: 496; lex: 261; sed: 14
file content (90 lines) | stat: -rw-r--r-- 2,584 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
Rule: 

--
Sid: 
100000106

-- 
Summary: 
This event is generated when an SQL injection attempt is made against the 
Microsoft BizTalk Server DTA Interface.

-- 

Impact: 
Attackers may retreive or modify sensitive in formation stored in the affected 
database. Additionally, attackers may use the database's functionality to 
execute arbitrary commands on the system with the priviliges of the user 
running the script, typically Administrator.

--
Detailed Information:
This rule looks specifically for attacks against the rawdocdata.asp module of 
the DTA Interface which contain the string "exec", which is required to run 
commands on the host system. Thus, this rule does not detect generic SQL 
injection attempts, only command execution attempts.

--
Affected Systems:
Microsoft BizTalk Server 2000 Developer Edition SP2
Microsoft BizTalk Server 2000 Developer Edition SP1a
Microsoft BizTalk Server 2000 Developer Edition
Microsoft BizTalk Server 2000 Enterprise Edition SP2
Microsoft BizTalk Server 2000 Enterprise Edition SP1a
Microsoft BizTalk Server 2000 Enterprise Edition
Microsoft BizTalk Server 2000 Standard Edition SP2
Microsoft BizTalk Server 2000 Standard Edition SP1a
Microsoft BizTalk Server 2000 Standard Edition
Microsoft BizTalk Server 2002 Developer Edition
Microsoft BizTalk Server 2002 Enterprise Edition

--

Attack Scenarios: 
A web browser or a script may be used to exploit this vulnerability.

-- 

Ease of Attack: 
Simple, as example attacks that can be used with a web browser are publicly 
available.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Patches which correct this problem are available from Microsoft.com.

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:
Microsoft BizTalk Server 2000 Enterprise Edition SP2: 
http://microsoft.com/downloads/details.aspx?FamilyId=001E93E4-0E6E-4289-AEFE-916
1D2E5AF97&displaylang=en
Microsoft BizTalk Server 2000 Developer Edition SP2: 
http://microsoft.com/downloads/details.aspx?FamilyId=001E93E4-0E6E-4289-AEFE-916
1D2E5AF97&displaylang=en
Microsoft BizTalk Server 2000 Standard Edition SP2: 
http://microsoft.com/downloads/details.aspx?FamilyId=001E93E4-0E6E-4289-AEFE-916
1D2E5AF97&displaylang=en

Microsoft BizTalk Server 2002 Enterprise Edition: 
http://microsoft.com/downloads/details.aspx?FamilyId=A05344FE-2622-4887-AA45-3DE
7C4ED3C75&displaylang=en

Microsoft BizTalk Server 2002 Developer Edition: 
http://microsoft.com/downloads/details.aspx?FamilyId=A05344FE-2622-4887-AA45-3DE
7C4ED3C75&displaylang=en

--