Re: more iis-unicode questions

[JRC - Techno Logic Consulting <jcribb () tlc-sa com ar>]

You must remove the rights for EVERYONE in your files outside from INETPUB.

----- Original Message -----
From: "J. J. Horner" <jhorner () 2jnetworks com>
To: "JRC - Techno Logic Consulting" <jcribb () tlc-sa com ar>
Cc: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, October 26, 2000 11:33 AM
Subject: Re: more iis-unicode questions


> What permissions stop the attack?  I've seen machines that aren't
vulnerable before patching,
> and I've seen machines with SP5 patched and still vulnerable.
>
> Any ideas?
>
> Jon
>
> On Thu, Oct 26, 2000 at 07:47:53AM -0300, JRC - Techno Logic Consulting
wrote:
> > Yes, I was tested with several Servers and works. But, when the security
rights of the files in the server was correctly configured, the security
stops the atack.
> >   ----- Original Message -----
> >   From: aliver vilereal
> >   To: VULN-DEV () SECURITYFOCUS COM
> >   Sent: Wednesday, October 25, 2000 11:10 PM
> >   Subject: more iis-unicode questions
> >
> >
> >   has anyone seen the iis-unicode exploit run over https?  i'm not crazy
for thinking it is possible am i?  i'm sorry to keep asking questions of the
list, but i haven't been able to install iis and test these things, becasuse
i am away from where my disk is.
> >   thanks again
> >   aliver vilereal
> >   ubermother
>
> --
> J. J. Horner
> jjhorner () bellsouth net
> System has been up: 20 days.