The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Serious MS FrontPage Exploit!

Discussion in 'General Discussion' started by bmcpanel, Sep 26, 2002.

  1. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Microsoft began warning Web site administrators on Wednesday
    that a flaw in its FrontPage extensions could allow an attacker to
    take control of their servers or cause the computers to seize up!

    In its 53rd Security Advisory of the year, Microsoft admitted that a serious
    vulnerability in their SmartHTML interpreter can be exploited to cause a
    denial-of-service attack on the host Web server if that computer has
    FrontPage Server Extensions 2000 running. For FrontPage Server
    Extensions 2002, the same security flaw can also result in the
    attacker's being able to run the code of their choice, essentially
    taking over control of the server.

    &If a request for a certain type of Web file is made in a particular way...
    it will also cause the SmartHTML interpreter to cycle endlessly, thereby
    consuming all the server's CPU availability,& according to Microsoft's advisory.

    The company urged administrators to apply the patch for the problem or run the Internet Information Server lockdown tool, a security application that disables many of the potentially dangerous functions in Microsoft's IIS Web server.
     
  2. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    [quote:078cc3c557][i:078cc3c557]Originally posted by bmcpanel[/i:078cc3c557]

    Microsoft began warning Web site administrators on Wednesday
    that a flaw in its FrontPage extensions could allow an attacker to
    take control of their servers or cause the computers to seize up!

    [/quote:078cc3c557]

    P.S., not sure if this is Windows specific, or Linux specific. If anyone finds out, let us know.
     
  3. cass

    cass Well-Known Member

    Joined:
    Jul 17, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Argentina/USA/Mexico
    Yes I saw this ....
    dunno if linux affected as well... ??

    More info:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-053.asp

    btw, I'm installing the new buildapache that dates 25/setp.
    maybe you want to do the same

    Regards.
     
  4. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    All of the patches end in .exe, so I am assuming this is a Windows exploit only. However, I am not sure.
     
Loading...

Share This Page