1023.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1023

--
Summary:
This event is generated when an attempt is made to access the msadcs.dll file, which provides an interface to Remote Data Services (RDS).

--
Impact:
Information gathering or remote access. This attack may allow disclosure of file contents or may allow remote access to the vulnerable server. 

--
Detailed Information:
Microsoft Data Access Components (MDAC) provides web and database integration.  The RDS component of MDAC enables remote web access to database services through the Internet Information Server (IIS).  A vulnerability exists in the DataFactory component of RDS that may permit unauthenticated users to query databases.  Depending on other software installed, it may be possible to execute arbitrary commands on IIS. 

--
Affected Systems:
IIS 3.0, 4.0 servers 

--
Attack Scenarios:
An attacker can exploit the vulnerability to get access to remote databases or, under certain software configurations, get access to the remote IIS server to run arbitrary commands. 

--
Ease of Attack:
Simple.  Exploit code is freely available.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Follow the configuration changes in the referenced Microsoft link.

Upgrade to a more current version of IIS.
 
--
Contributors:
Original rule writer unknown
Modified by Brian Caswell <bmc@sourcefire.com>
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1011

Bugtraq.
http://www.securityfocus.com/bid/529

Microsoft 
http://www.microsoft.com/technet/security/bulletin/ms99-025.asp


--