Irregular Expressions » sharepoint http://itknowledgeexchange.techtarget.com/Irregular-Expressions Insight into current security related events and exploits, including virtualization security and tips. Sun, 28 Apr 2013 08:00:32 +0000 en-US hourly 1 XSS in sharepoint http://itknowledgeexchange.techtarget.com/Irregular-Expressions/xss-in-sharepoint/ http://itknowledgeexchange.techtarget.com/Irregular-Expressions/xss-in-sharepoint/#comments Fri, 30 Apr 2010 15:46:05 +0000 Dan O'Connor http://itknowledgeexchange.techtarget.com/Irregular-Expressions/xss-in-sharepoint/ There is a privilege escalation vulnerability in MS Sharepoint.  There is a mitigation for IE 8 users, you can enabled a XSS filter ( see the links ).  There is also a work around if you ACL the help.aspx file, you wont be able to view the help for the site, but it is supposed to stop the attack.

http://blogs.technet.com/srd/archive/2010/04/29/sharepoint-xss-issue.aspx

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0817

http://www.microsoft.com/technet/security/advisory/983438.mspx

Here is the suggested actions from MS.

Customers can mitigate the impact to systems running Microsoft Windows SharePoint Services 3.0 or Microsoft Office SharePoint Server 2007 by applying the following workarounds.

Workaround refers to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Restrict Access to SharePoint Help.aspx

An administrator can apply an access control list to SharePoint Help.aspx to ensure that they can no longer be loaded. This effectively prevents exploitation of the vulnerability using this attack vector.

To restrict access to the vulnerable Help.aspx:

Run the following commands from a command prompt:

cacls “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /P everyone:N

cacls “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /P everyone:N

Impact of workaround. This workaround will disable all help functionality from the SharePoint server.

How to undo the workaround.

Run the following commands from a command prompt:

takeown /f “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx”

takeown /f “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx”

cacls “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /R everyone

cacls “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /R everyone
]]> http://itknowledgeexchange.techtarget.com/Irregular-Expressions/xss-in-sharepoint/feed/ 0