Security Incidents mailing list archives

Frontpage Exploits

From: kmccammon () TIDALWAVE NET (Keith McCammon)
Date: Wed, 19 Apr 2000 10:37:05 -0400


Hey all,

We are running a FrontPage server (not necessarily by choice).  This
morning, the sites on the machine began requesting NT challenge/response to
browse sites.  It appears that eh IUSR/IWAM accounts were no longer in the
NTFS permissions for parent directory.

Anyone know of any exploits to summarily replace NTFS permissions on a
FrontPage Server?  A separate exploit also stops all sites from serving - a
past problem that we think we fixed.  Can't hurt to have that info anyway.

MACHINE: NT 4.0, SP6, MDAC 2.1, running Serv-U FTP (also latest version,
fully patched).  All known hotfixes in place.

Thanks,

Keith W. McCammon
Network Administrator
Quantum Communications, Inc.

Current thread:

CGI scans from Strauss.udel.edu -- They're back Jose Nazario (Apr 14)
- Re: CGI scans from Strauss.udel.edu -- They're back Tom Perrine (Apr 15)
- Re: CGI scans from Strauss.udel.edu -- They're back Matthew S. Hallacy (Apr 16)
  - Re: CGI scans from Strauss.udel.edu -- They're back Omachonu Ogali (Apr 18)
  - Rapid Web page harvesting, probably by marketing firm Brett Glass (Apr 18)
  - Frontpage Exploits Keith McCammon (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Elliot L. Tobin (Apr 17)
  - Re: CGI scans from Strauss.udel.edu -- They're back Dragos Ruiu (Apr 17)
  - Re: CGI scans from Strauss.udel.edu -- They're back Ryan Russell (Apr 18)
    - Re: CGI scans from Strauss.udel.edu -- They're back Bryan Seitz (Apr 19)
  - Re: CGI scans from Strauss.udel.edu -- They're back Marcelo Magnasco (Apr 18)
  - Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 18)
    - Re: Rooted through in.identd on Red Hat 6.0 Sebastian (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Dmitry Alyabyev (Apr 20)
    - RH6.1/IPChains box hacked J. J. Horner (Apr 20)
    - Re: RH6.1/IPChains box hacked Jon Lewis (Apr 21)

(Thread continues...)