Re: Nifty Security hole on Several NT Based Web Servers

From: nitin (nitinat_private)
Date: Fri Jan 09 1998 - 11:27:47 PST

    We were made aware of the problem last week (or early this week).
    We are planning to put out a patch for Enterprise 3.0 and Fasttrack 3.01 on
    NT.
    The patch is being built/verified currently and should be available soon.
    
    -Nitin
    
    Aleph One wrote:
    
    > ---------- Forwarded message ----------
    > Date: Thu, 8 Jan 1998 21:28:06 -0700
    > From: Marc Slemko <marcsat_private>
    > To: NTBUGTRAQat_private
    > Subject: Re: Nifty Security hole on Several NT Based Web Servers
    >
    > On Thu, 8 Jan 1998, Greg Skafte wrote:
    >
    > > A colleague of mine discovered a very interesting bug in several Web
    > > server packages.  If you protect a file that is not 8.3 in its makeup
    > > you can often access the canonical name without restriction. EG:
    > >
    > > if a file named  "somelongfile.htm"  and you protect it then you can
    > > access somef~1.htm  if somel~1.htm is the canonical name. (don't recall
    > > the correct NT term). This also applies to directory names as well.
    > >
    > > We have notified some of the affected vendors but haven't tested all
    > > the various NT Web servers.
    >
    > Microsoft and Netscape have been contacted.
    >
    > Netscape has apparently ignored me.  Well, either that or they don't like
    > giving feedback despite the fact that I specifically asked for it and that
    > once one vendor posts a patch, it is known for all servers.
    >
    > Microsoft has responded quickly and very well with excellent feedback and
    > is working on a fix that should be available soon.  Last I knew, the rough
    > plan was early next week, however that shouldn't be taken as anything
    > official and may change now that this information has been prematurely
    > posted.
    >
    > This information was not supposed to be posted publicly until vendors had
    > a week or so to make up a fix.  Unfortunately, it's too late for that now.
    >
    > >
    > > Known to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website
    > > Pro don't recall the version.
    >
    > No.  Website Pro is not impacted, at least in recent versions.  It detects
    > the attempt and explicitly denies attempts to access the short name.
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:33 PDT