Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

IIS Directory traversal vulnerability

From: Lee Evans <lee () vital co uk>
Date: Wed, 25 Jul 2001 10:34:33 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Any advice would be much appreciated - a couple of our boxes seem to have 
been exploited using a directory traversal vulnerabiltiy, by uploading a file 
called "dr.exe", and then passing this commands to remove files from the box.

I have recovered our logfiles and the data fortunately, and I am still 
examining the log's.

Is this dr.exe thing a known attack, (I can't seem to find anything about 
it).?

The attacked boxes did have all the latest patches applied to them, and I 
double checked this during the code red crisis, and applied any that were 
missing.

Any information would be much appreciated.

Regards
Lee
- -- 
Lee Evans
Vital Online Ltd

This  message is intended only for the use of the person(s) ("The
intended recipient(s)")  to  whom it is addressed.  It may contain
information which is privileged and confidential within  the  
meaning  of  applicable law.  If you are not the intended  recipient,
please  contact the sender as soon as possible.  The views expressed
in this communication may not necessarily be the views held by Vital Online 
Ltd.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7XpKrhtUFQXeFbZYRAh0mAKCTpYRfp5m/MBHHc/tvYYdxMqf9qQCeNpru
+QqVQuyw/IhvuMQfwnP7lhc=
=Zel8
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: