Everyone writable IIS root directory

[n-miwa () LAC CO JP (Nobuo Miwa)]

Hi,

We(JWNTUG(Japan Windows NT Users Group) Security Working Group)
reported MS about a kind of DoS problem on mailroot and ftproot
directories of IIS.
Those directories(C:\Inetpub\ftproot,\mailroot) are readable
and writable for everyone.
So we tested following script as C:\inetpub\mailroot\fill.bat

  :fill
  copy drop\*.* pickup
  goto fill

This script can be executed by any user and hard disk will
be filled with emails soon after some emails come into "drop"
directory. We tested also from Terminal Server. It works well.
In addition, any user can read and write email in drop folder.

We reported MS and they replied as followings..

You're right -- those permissions shouldbe tightened.
We're going to add this to the IIS Security Checklist at
http://www.microsoft.com/security/products/iis/CheckList.asp,
to make sure that customers know that they need to do this.
Thanks again for reporting the issue!  Regards,

Secure () microsoft com

----------------------------------------------------------------
Nobuo Miwa
  A member of JWNTUG Security Working Group
    http://www.jwntug.or.jp

Special thanks to
  Hideaki Ihara<ihara () port139 co jp>
  YOKOYAMA Tetsuya <Yokoyama.Tetsuya () GlobalKnowledge Co JP>