1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise: Feb 21

Discussion in 'Web & Email' started by eddie5659, Feb 22, 2002.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,886
    Hiya

    By default, Commerce Server 2000 installs a .dll with an ISAPI
    filter that allows the server to provide extended functionality in
    response to events on the server. This filter, called AuthFilter,
    provides support for a variety of authentication methods.
    Commerce Server 2000 can also be configured to use other
    authentication methods.

    A security vulnerability results because AuthFilter contains an
    unchecked buffer in a section of code that handles certain types
    of authentication requests. An attacker who provided
    authentication data that overran the buffer could cause the
    Commerce Server process to fail, or could run code in the
    security context of the Commerce Server process. The
    process runs with LocalSystem privileges, so exploiting the
    vulnerability would give the attacker complete control of
    the server.

    Affected Software:

    Microsoft Commerce Server 2000

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-010.asp

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unchecked Buffer ISAPI
  1. Dkapiate
    Replies:
    2
    Views:
    276
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/70027

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice