Irregular Expressions

Apr 30 2010   10:46AM GMT

XSS in SharePoint

Dan O'Connor

There is a privilege escalation vulnerability in MS SharePoint. There is a mitigation for IE 8 users: you can enable an XSS filter (see the links). There is also a workaround: if you ACL the help.aspx file, you won't be able to view the help for the site, but it is supposed to stop the attack.

http://blogs.technet.com/srd/archive/2010/04/29/sharepoint-xss-issue.aspx

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0817

http://www.microsoft.com/technet/security/advisory/983438.mspx

Here are the suggested actions from MS:

Customers can mitigate the impact to systems running Microsoft Windows SharePoint Services 3.0 or Microsoft Office SharePoint Server 2007 by applying the following workarounds.

Workaround refers to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Restrict Access to SharePoint Help.aspx

An administrator can apply an access control list to SharePoint Help.aspx to ensure that it can no longer be loaded. This effectively prevents exploitation of the vulnerability using this attack vector.

To restrict access to the vulnerable Help.aspx:

Run the following commands from a command prompt:

cacls "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /P everyone:N

cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /P everyone:N

Impact of workaround. This workaround will disable all help functionality from the SharePoint server.

How to undo the workaround.

Run the following commands from a command prompt:

takeown /f "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx"

takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx"

cacls "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /R everyone

cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /R everyone
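
To confirm on a given server that the workaround is in place (or has been undone), the ACL on both Help.aspx paths can be inspected. The PowerShell below is an added example, not part of the Microsoft advisory or the original post; the function name Test-HelpAspxWorkaround and its state labels are made up here, and it assumes the cacls command above leaves a Deny entry for Everyone on the file.

```powershell
# Added example: report the state of the Help.aspx ACL workaround.
# The relative path is the one used in the cacls commands above.
$rel = 'Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx'

# %ProgramFiles(x86)% is empty on 32-bit Windows; drop empty and duplicate roots.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

# Well-known SID for Everyone; avoids depending on the localized account name.
$everyoneSid = 'S-1-1-0'
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-HelpAspxWorkaround {   # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -Path $Path)) { return 'NotPresent' }

    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch [System.UnauthorizedAccessException] {
        # A deny for Everyone also blocks reading the ACL unless the
        # caller owns the file, so this outcome is consistent with the
        # workaround being applied. Re-check as the file owner to confirm.
        return 'AccessDenied'
    } catch {
        return 'Error'
    }

    # Resolve identities to SIDs and look for a Deny ACE for Everyone
    # that covers reading the file's data.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $everyoneSid -and
            $rule.AccessControlType -eq 'Deny' -and
            (([int]$rule.FileSystemRights -band $readData) -ne 0)) {
            return 'Restricted'
        }
    }
    return 'NotRestricted'
}

foreach ($root in $roots) {
    $path = Join-Path $root $rel
    New-Object PSObject -Property @{
        Path  = $path
        State = (Test-HelpAspxWorkaround -Path $path)
    }
}
```

A result of NotRestricted on a server that still lacks the update means the workaround is not protecting that copy of Help.aspx.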
