Vulnerability Development mailing list archives

Re[2]: directory traversal

From: Strumpf Noir Society <vuln-dev () labs secureance com>
Date: Tue, 5 Feb 2002 19:00:29 +0100

Hi,

Ehm, oops, sorry. A bit more info about the settings would be
appropiate. I'm not looking at IIS specifically, it's a third-party
product. It does run a server (a propriety FTP server) and this server
is vulnerable to the triple-dot thing. But ONLY when running Win2k/NT.

Thejian

A> If i understand the question correctly, the reason would be that the
A> directory traversal problem was an exploit in IIS - which only runs on NT.
A> The MS webserver for 9x systems is PWS which I don't think is vulnerable in
A> the same way.

A> Harry M




-- 
Best regards,
 Strumpf Noir Society                            mailto:vuln-dev () labs secureance com


"Mere accumulation of observational evidence is not proof."

-- Death, "The Hogfather"

Current thread:

directory traversal Strumpf Noir Society (Feb 05)
- Message not available
  - Re[2]: directory traversal Strumpf Noir Society (Feb 05)
- Re: directory traversal Jim Nanney (Feb 05)
  - Re: directory traversal Philip Rowlands (Feb 06)
  - Re: directory traversal Piyush Agarwal (Feb 06)
- <Possible follow-ups>
- RE: directory traversal Shane Miller (Feb 05)
- RE: directory traversal Levenglick, Jeff (Feb 06)
  - RE: directory traversal Piyush Agarwal (Feb 07)
    - Re: directory traversal Robert Collins (Feb 07)
    - Re: directory traversal Steve (Feb 07)
    - Re: directory traversal Michel Arboi (Feb 14)
- RE: directory traversal Levenglick, Jeff (Feb 07)

(Thread continues...)