Penetration Testing mailing list archives
Re: IWAM: Writing temp files to \winnt\temp
From: Joey Peloquin <joeyp () voteprivacy com>
Date: Sat, 21 Aug 2004 17:05:04 -0500
Dinis Cruz wrote:
Hello Joey It is refreshing to hear somebody worrying about those issues (btw what is being written to the c:\winnt\temp folder?).
Many thanks to all who replied. In the end we consulted with our MSFT Security Strategist (misnomer?), and he relayed their only concern with IWAM and ASPNET having permissions to \winnt\temp was to ensure that Execute was not given. They look at ASPNET/IWAM writing and reading \winnt\temp as "scratching on a notepad".
Though not totally convinced it's safe, I'll keep an eye on it and allow it for now ;)
Cheers, Joey ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
Current thread:
- IWAM: Writing temp files to \winnt\temp Joey Peloquin (Aug 03)
- RE: IWAM: Writing temp files to \winnt\temp Dinis Cruz (Aug 03)
- Re: IWAM: Writing temp files to \winnt\temp Michael Richardson (Aug 03)
- Re: IWAM: Writing temp files to \winnt\temp Tyler Durden (Aug 05)
- <Possible follow-ups>
- Re: IWAM: Writing temp files to \winnt\temp Joey Peloquin (Aug 22)