Bugtraq mailing list archives
Nifty Security hole on Several NT Based Web Servers
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 9 Jan 1998 10:24:14 -0600
---------- Forwarded message ---------- Date: Thu, 8 Jan 1998 19:04:23 -0700 From: Greg Skafte <skafte () WORLDGATE COM> To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM Subject: Nifty Security hole on Several NT Based Web Servers A collegue of mine discovered a very interesting bug in several Web server packages. if you protect a file that is not 8.3 in its makeup you can often access the canonical name without restriction. EG: if a file named "somelongfile.htm" and you protect it then you can access somef~1.htm if somel~1.htm is the canonical name. (don't recall the corect NT term). This also applies to directory names as well. We have notified some of the affected vendors but haven't tested all the various NT Web servers. Know to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website Pro don't recall the version. -- Email: skafte () worldgate com Voice: +403 413 1910 Fax: +403 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris)
Current thread:
- Security flaw in either DIT TransferPro or Solaris The Man (Jan 05)
- Re: Security flaw in either DIT TransferPro or Solaris The Man (Jan 07)
- NetWare NFS Andrew J. Anderson (Jan 08)
- New DOS exploit for NT and Win95 (CONFIRMED?) Aleph One (Jan 08)
- bonk.c Aleph One (Jan 08)
- Re: bonk.c Jord Sonneveld (Jan 10)
- riptrace.c Aleph One (Jan 08)
- Re: riptrace.c Christopher Masto (Jan 08)
- Re: riptrace.c Alfred Huger (Jan 08)
- Nifty Security hole on Several NT Based Web Servers Aleph One (Jan 09)
- Re: riptrace.c Theo de Raadt (Jan 09)
- Re: riptrace.c Hubert Feyrer (Jan 08)
- Source for NEWTEAR.C Aleph One (Jan 09)
- Re: riptrace.c Christopher Masto (Jan 08)