DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  RevertToSelf

SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0
  

PROBLEM


    This vulnerability was originally presented on:

        www.ntshop.com/security

    and credit for this text is theirs.

    ISAPI scripts run under the IUSR_MACHINENAME account under IIS,
    and thus inherit the security permissions of this account.
    However, if the ISAPI program contains a simple call to
    RevertToSelf(), you have a big hole. The ISAPI DLL is loaded into
    the IIS service process, which runs as SYSTEM, and the
    IUSR_MACHINENAME account is only impersonated on the thread
    serving the request. Once that program line is executed, the
    impersonation ends and the ISAPI program reverts its authority to
    the all-powerful SYSTEM account, at which point the program can do
    just about anything, including successfully execute system()
    calls.



EXPLOIT

  

SOLUTION


    Don't  run  ISAPI  scripts  you  don't  trust  --  be careful with
    shareware and freeware. Insist on examining the source code
    wherever possible, and compile it yourself before use. And if you
    can't, think long  and hard before  you decide to  run the program
    blindly.   Test  the  ISAPI  programs   as  best  you  can  on   a
    standalone,  isolated  system  before  implementing  them  on your
    production machines.
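
    One way to do the source examination described above, as an added
    example that is not part of the original advisory: a Python triage
    script that flags RevertToSelf in ISAPI C/C++ source and in a compiled
    DLL. The function names and the sample inputs are constructed here.

```python
import re

API = "RevertToSelf"  # the call this advisory warns about

# C/C++ comments and string/char literals, so they can be told apart from code.
_TOKEN = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def audit_source(text):
    """Return sorted (line, kind) findings for ISAPI C/C++ source text.
    kind is "call" for a direct call, "string" when the name sits in a string
    literal (e.g. a GetProcAddress lookup). Mentions in comments are ignored.
    """
    findings = []
    def blank(m):
        tok = m.group(0)
        if tok.startswith('"') and API in tok:
            findings.append((text.count("\n", 0, m.start()) + 1, "string"))
        # Blank the token but keep its length and newlines, so offsets and
        # line numbers in the remaining code do not shift.
        return re.sub(r"[^\n]", " ", tok)
    code = _TOKEN.sub(blank, text)
    for m in re.finditer(r"\b%s\s*\(" % API, code):
        findings.append((code.count("\n", 0, m.start()) + 1, "call"))
    return sorted(findings)

def audit_binary(data):
    """True if a compiled DLL holds the name as a NUL-terminated ASCII string,
    the form used by an import-by-name entry or a GetProcAddress argument."""
    return API.encode("ascii") + b"\x00" in data

# Constructed sample input (not taken from any real ISAPI extension).
SAMPLE_SRC = '''\
#include <windows.h>
#include <httpext.h>
/* RevertToSelf() is only mentioned in this comment */
DWORD WINAPI HttpExtensionProc(EXTENSION_CONTROL_BLOCK *ecb)
{
    // RevertToSelf();
    RevertToSelf ();
    FARPROC p = GetProcAddress(GetModuleHandle("advapi32"), "RevertToSelf");
    return HSE_STATUS_SUCCESS;
}
'''
# Constructed byte fragment shaped like an import name entry, not a real PE file.
SAMPLE_DLL = b"MZ" + b"\x00" * 64 + b"\x12\x03RevertToSelf\x00ADVAPI32.dll\x00"
if __name__ == "__main__":
    print(audit_source(SAMPLE_SRC), audit_binary(SAMPLE_DLL))
```

    A name assembled at run time would not appear as a plain string, so a
    clean result narrows the review rather than replacing it.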