Bugtraq mailing list archives
Re: MS-DOS Filename/Directory Vulnerability
From: Seth Arnold <sarnold () wirex com>
Date: Thu, 16 Aug 2001 16:32:00 -0700
On Thu, Aug 16, 2001 at 07:08:16PM -0700, Felipe Moniz wrote:
I tested this in the PWS (based on IIS 4) and it worked. I created a file called "clientlist2001.txt" and with client~1.txt (www.site.com/client~1.txt) I get the clientlist2001.txt without knowing the complete name of the file. The problem also occurs when I type "postin~1.htm" to access the "postinfo.html" file.
This is a known problem. There is a switch that can be thrown somewhere (possibly only in the registry, but I thought I had seen a checkbox for this somewhere...) that does not generate the MSDOS names on NTFS partitions. Microsoft has written a guide to securing WinNT; I bet they have updated it for Win2k as well. They detail how to turn off the MSDOS filename support in that document. Cheers!
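A detection sketch for the behaviour discussed in this thread, added here as an example and not part of the original posts: it flags web-server log entries whose request path contains a segment shaped like an auto-generated 8.3 alias (such as client~1.txt). The log lines are constructed, and the function names and the Common Log Format layout are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# One path segment shaped like an auto-generated 8.3 alias: up to six base
# characters, "~", a small number, and an optional extension of at most three.
# This is a heuristic: a file genuinely named like this will also match.
SHORT_NAME = re.compile(r"^[^~./\\\s]{1,6}~[1-9]\d?(?:\.[^~./\\\s]{1,3})?$")

# Request line and status inside a Common Log Format entry (assumed layout).
REQUEST = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def short_name_segments(target):
    """Return the path segments of a request target that look like 8.3 aliases."""
    # Drop the query string, then decode so that %7E is treated like "~".
    path = unquote(urlsplit(target).path)
    return [seg for seg in re.split(r"[/\\]", path) if SHORT_NAME.match(seg)]


def flag_requests(log_lines):
    """Return (client, target, status, segments) for each suspicious entry."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        segs = short_name_segments(m["target"])
        if segs:
            hits.append((line.split()[0], m["target"], int(m["status"]), segs))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2001:19:08:16 -0700] "GET /client~1.txt HTTP/1.0" 200 512',
    '192.0.2.10 - - [16/Aug/2001:19:08:40 -0700] "GET /postin~1.htm HTTP/1.0" 200 2048',
    '192.0.2.11 - - [16/Aug/2001:19:09:02 -0700] "GET /postinfo.html HTTP/1.0" 200 2048',
    '192.0.2.12 - - [16/Aug/2001:19:09:30 -0700] "GET /~alice/index.html HTTP/1.0" 200 100',
    '192.0.2.13 - - [16/Aug/2001:19:10:05 -0700] "GET /docs/client%7E1.txt?x=1 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, target, status, segs in flag_requests(SAMPLE_LOG):
        print(f"{client} {status} {target} -> {segs}")
```

A 200 status on a flagged entry means the alias resolved to a real file, which is the case worth reviewing first.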