Security Incidents mailing list archives
Re: Front Page Extensions
From: m_a_n_i_a_c_ () HOTMAIL COM (Maniac .)
Date: Tue, 28 Mar 2000 19:24:02 GMT
The biggest issue around FP Extensions is the assignment of permissions on the specific DLLs that are installed. But, if the logs where nailed are you sure it was a FP only exploit? Could the attacker have used the RDS exploit to gain command prompt and nail the logs? As far as apache goes, incorrectly configured apache is just as insecure as an incorrectly configured IIS box. How can putting apache in increase your security? Unless you are not proficient with IIS and NT security.
Hi, Something strage as append. One of my clients have an winnt machine with cluster, and have Front Page Ext. to publish is page. some time ago he was hacked, an logs were corrupt does anyone knows any vuln on Front page thar allows an selective cleanning of the logs? The only evident exposures were that aparently nothing else was modified. I just like to say that the securing of this site isn't my responsability or else I would put apache in there. but...... :( Vitor Ventura
-==-Man!ac-==- "I don't intend to offend, I offend with my intent" ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Re: Front Page Extensions Maniac . (Mar 28)