---------- Forwarded message ---------- Date: Thu, 8 Jan 1998 19:04:23 -0700 From: Greg Skafte <skafteat_private> To: NTBUGTRAQat_private Subject: Nifty Security hole on Several NT Based Web Servers A collegue of mine discovered a very interesting bug in several Web server packages. if you protect a file that is not 8.3 in its makeup you can often access the canonical name without restriction. EG: if a file named "somelongfile.htm" and you protect it then you can access somef~1.htm if somel~1.htm is the canonical name. (don't recall the corect NT term). This also applies to directory names as well. We have notified some of the affected vendors but haven't tested all the various NT Web servers. Know to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website Pro don't recall the version. -- Email: skafteat_private Voice: +403 413 1910 Fax: +403 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:32 PDT