Bugtraq mailing list archives

FW: Personal web server - Temporary Fix

From: Ollie () DELPHISCONSULT CO UK (Ollie Whitehouse)
Date: Wed, 20 Jan 1999 14:12:53 -0000

Seems to be a quick fix:

System:
Microsoft Windows 98

PWS:
98 Shipped Edition

I have allowed directory browsing and was succesfully allowed to exploit
this hole on my local machine.

Once this was deselected received the error:

Directory listing denied

although granted this is not a complete fix, due to the fact that people
that know the file name(s) they want to retrieve (i.e. PWL, Registry or what
ever) can still do so, but it quick and people have to know the directory
layout of your PC.

Rgds

Ollie
----/
Ollie Whitehouse
I.T Co-Ordinator
Delphis Consulting
VOX : 0171 692 7689 (Direct Dial)
VOX : 0171 916 0200 (Switchboard)
FAX : 0171 916 1590 (Main)
E-M : ollie () delphisconsult co uk
/----

-----Original Message-----
From: Sean Coates [SMTP:sean () SPATULA ML ORG]
Sent: Tuesday, January 19, 1999 10:38 PM
To:   BUGTRAQ () NETSPACE ORG
Subject:      Re: Personal web server

Michael Howard wrote:

the frontpage team are looking at it now - as sean noted, the iis

codebase

in pws does not have this issue. i'll fwd more info to this alias as

soon as

i get more info from the fp team.

Cheers, MH
IIS Security


 It seems that servers which are branded "IIS" _DO_ have the problem, and
servers branded with "PWS" do NOT have the problem. For instance, the
server at
24.231.6.49 returns a server version of "Microsoft-PWS-95/2.0" yet the
server at
24.231.6.205 returns "Microsoft-IIS/4.0" and the server at
24.231.6.2(www.ebci.ca) returns "Microsoft-IIS/4.0 Beta 3".

the *.49 server is not vulnerable, and neither is the *.2 server, but the
*.205
server IS vulnerable (I told the admin of this machine about the problem,
so it
may be fixed by the time this reaches bugtraq.)

By talking to the admin of each server, I've concluded that the *.49
server is a
downloaded version of PWS, running on windows98, the *.205 server is PWS
from
the windows98 CD (OEM, as far as I know), running on Win98, and the *.2
server
is actually IIS, running on Windows NT Server 4.

Sorry about the confusion of my earlier post, hope this clears it up.
My luck, it'll probably just make it worse. (-;

Sean Coates
sean () spatula ml org
scoates () usa net

Current thread:

Re: Another web-based mail reader hole, (continued)
- - - Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
    - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
    - Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)
- Nobo and Netbuster Dos Wolfgang Gassner (Jan 20)
  - Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)
- Quake 2 Server Crash Leif Sawyer (Jan 20)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race D. J. Bernstein (Jan 20)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
  - CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)
  - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - linux crashes irix6.3 Philipp Schott (Jan 22)
    - Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)

(Thread continues...)