DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  RevertToSelf


SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0

  

PROBLEM


    This vulnerability was originally presented on:

        www.ntshop.com/security

    and the text below is credited to them.



    ISAPI scripts run under the IUSR_MACHINENAME account under IIS, and
    thus inherit the security permissions of this account. However, if
    the ISAPI program contains a simple call labelled RevertToSelf(), you
    have a big hole. Once that program line is executed, the ISAPI program
    reverts its authority to the all-powerful SYSTEM account, at which
    point the program can do just about anything, including successfully
    execute system() calls.





EXPLOIT

  

SOLUTION


    Don't run ISAPI scripts you don't trust -- be careful with shareware
    and freeware. Insist on examining the source code wherever possible,
    and compile it yourself before use. And if you can't, think long and
    hard before you decide to run the program blindly. Test the ISAPI
    programs as best you can on a standalone, isolated system before
    implementing them on your production machines.
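One way to act on the advice above before deploying a third-party ISAPI DLL, and to check for the RevertToSelf() call the PROBLEM section describes, as an added example that is not part of the original advisory: a Python script that walks a PE file's import directory by hand and flags any module that imports RevertToSelf from the system DLLs. The image it audits is constructed in memory by build_test_dll and is not a real binary; the names pe_imports, audit_imports, build_test_dll and WATCHLIST are this example's own and do not come from the advisory or from ntshop.com.

```python
"""Static import-table audit for ISAPI DLLs (added example, not from the advisory).

Parses the PE import directory by hand and flags imports of RevertToSelf, so a
third-party extension can be checked before it is loaded into IIS. The sample
DLL image built by build_test_dll() is constructed test data, not a real binary.
"""
import struct

WATCHLIST = {"RevertToSelf"}  # APIs whose presence in an ISAPI DLL warrants source review


def pe_imports(data: bytes) -> dict:
    """Return {dll_name: [imported function names]} from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsec, = struct.unpack_from("<H", data, fh + 2)
    opt_size, = struct.unpack_from("<H", data, fh + 16)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    datadir = opt + (112 if is64 else 96)               # DataDirectory[] start
    imp_rva, _ = struct.unpack_from("<II", data, datadir + 8)  # entry 1 = import table
    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section header
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
                for i in range(nsec)]

    def rva2off(rva):
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError(f"RVA {rva:#x} not in any section")

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii")

    result = {}
    if imp_rva == 0:
        return result
    desc = rva2off(imp_rva)
    while True:                                          # IMAGE_IMPORT_DESCRIPTOR array, null-terminated
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:
            break
        width, fmt = (8, "<Q") if is64 else (4, "<I")
        thunk = rva2off(oft or ft)
        ordinal_flag = 1 << (width * 8 - 1)
        funcs = []
        while True:                                      # thunk array, null-terminated
            val, = struct.unpack_from(fmt, data, thunk)
            thunk += width
            if val == 0:
                break
            # by-ordinal entries set the top bit; by-name entries point at hint(2) + name
            funcs.append(f"#{val & 0xFFFF}" if val & ordinal_flag else cstr(rva2off(val) + 2))
        result[cstr(rva2off(name_rva))] = funcs
        desc += 20
    return result


def audit_imports(data: bytes, watchlist=WATCHLIST) -> list:
    """Return sorted (dll, function) pairs for imports that are on the watchlist."""
    return sorted((dll.lower(), f) for dll, funcs in pe_imports(data).items()
                  for f in funcs if f in watchlist)


def build_test_dll(imports: dict) -> bytes:
    """Construct a minimal PE32 image holding only an import directory (test data)."""
    SEC_RVA, SEC_OFF = 0x1000, 0x200
    blob = bytearray(20 * (len(imports) + 1))           # room for descriptors + null terminator
    descs = b""
    for dll, funcs in imports.items():
        name_rva = SEC_RVA + len(blob)
        blob += dll.encode() + b"\0"
        hint_rvas = []
        for f in funcs:
            blob += b"\0" * (len(blob) % 2)              # IMAGE_IMPORT_BY_NAME is 2-byte aligned
            hint_rvas.append(SEC_RVA + len(blob))
            blob += b"\0\0" + f.encode() + b"\0"          # hint + name
        blob += b"\0" * (-len(blob) % 4)
        thunks = b"".join(struct.pack("<I", r) for r in hint_rvas) + b"\0" * 4
        oft_rva = SEC_RVA + len(blob)
        blob += thunks                                   # import name table
        ft_rva = SEC_RVA + len(blob)
        blob += thunks                                   # import address table
        descs += struct.pack("<IIIII", oft_rva, 0, 0, name_rva, ft_rva)
    blob[:len(descs)] = descs
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)  # i386, 1 section, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<II", opt, 96 + 8, SEC_RVA, len(descs) + 20)  # import directory entry
    sec = b".idata\0\0" + struct.pack("<IIIIIIHHI", len(blob), SEC_RVA, len(blob), SEC_OFF,
                                      0, 0, 0, 0, 0xC0000040)
    hdr = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec
    return hdr + b"\0" * (SEC_OFF - len(hdr)) + bytes(blob)


if __name__ == "__main__":
    sample = build_test_dll({"ADVAPI32.dll": ["RevertToSelf", "ImpersonateLoggedOnUser"],
                             "KERNEL32.dll": ["GetLastError"]})
    print(audit_imports(sample))                        # [('advapi32.dll', 'RevertToSelf')]
```

To audit a real extension, pass open(path, "rb").read() to audit_imports. A hit is a prompt for source review rather than proof of misuse, since an extension may legitimately impersonate a client and then revert; conversely, an empty result is not a clean bill of health, because a DLL can resolve RevertToSelf at run time through GetProcAddress, which a static import scan will not see.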