Penetration Testing mailing list archives

Re: IWAM: Writing temp files to \winnt\temp

From: Joey Peloquin <joeyp () voteprivacy com>
Date: Sat, 21 Aug 2004 17:05:04 -0500

Dinis Cruz wrote:

Hello Joey

It is refreshing to hear somebody worrying about those issues (btw what is
being written to the c:\winnt\temp folder?).

Many thanks to all who replied. In the end we consulted with our MSFTSecurity Strategist (misnomer?), and he relayed their only concern with IWAMand ASPNET having permissions to \winnt\temp was to ensure that Executewas not given. They look at ASPNET/IWAM writing and reading \winnt\temp as"scratching on a notepad".

Though not totally convinced it's safe, I'll keep an eye on it and allow itfor now ;)


Cheers,
Joey

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------

Current thread:

IWAM: Writing temp files to \winnt\temp Joey Peloquin (Aug 03)
- RE: IWAM: Writing temp files to \winnt\temp Dinis Cruz (Aug 03)
- Re: IWAM: Writing temp files to \winnt\temp Michael Richardson (Aug 03)
- Re: IWAM: Writing temp files to \winnt\temp Tyler Durden (Aug 05)
- <Possible follow-ups>
- Re: IWAM: Writing temp files to \winnt\temp Joey Peloquin (Aug 22)