Re: MS IIS 5.0 Access Violation on handling URL String

From: Michael Howard (mikehowat_private)
Date: Mon Jan 17 2000 - 17:31:15 PST

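    This is by design - the call inside IIS is wrapped in an exception
    handler that reports the error. Kinda like this:
    
    try {
        char *pF = NULL;
        *pF = 'H';      // write through a NULL pointer: access violation (0xc0000005)
    } catch (...) {     // with MSVC, catches the access violation only when built with /EHa
        // oops! there was an error
    }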
    
    
    Cheers, Michael Howard
    Windows 2000 Security
    Got an 'Access Denied' problem? Check the appropriate logs first!
    
    -----Original Message-----
    From: Lark Lizerman [mailto:webmasterat_private]
    Sent: Thursday, January 13, 2000 7:06 PM
    To: BUGTRAQat_private
    Subject: MS IIS 5.0 Access Violation on handling URL String
    
    
    Description:
    
    MS IIS 5.0 has problems handling a specific form of URL ending with
    "ida".
    The extension ida has been taken from the Bugtraq posting "IIS revealing
    webdirectories".
    The problem causes 2 kinds of results.
    The one result is that the server responds with a message like
    "URL String too long"; "Cannot find the specified path"
    
    The other error causes the server to terminate with an Access Violation.
    When the server "Access violates" it displays as last message:
    
    File
    d:\http\................................................................
    ........................................................................
    ........................................................................
    ............................................???????.
    Error 0xc0000005 caught while processing query
    
    <snip>
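
The wrap-and-report pattern described in the reply, as an added example that is not part of the original message and not IIS code. It uses a POSIX signal handler with `sigsetjmp`/`siglongjmp` as a stand-in for the Windows exception handler; `process_query`, `guarded_query` and the sample path are hypothetical names and constructed input.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover_point;            /* where to resume after a fault */
static volatile sig_atomic_t caught_signal; /* set by the handler */

static void on_fault(int sig) {
    caught_signal = sig;
    siglongjmp(recover_point, 1);           /* unwind back into guarded_query */
}

/* Hypothetical stand-in for the query code: copies the path into out.
   volatile keeps the compiler from optimising away a store through NULL. */
static void process_query(volatile char *out, const char *path) {
    size_t i = 0;
    do { out[i] = path[i]; } while (path[i++] != '\0');
}

/* Returns 0 on success, or the signal number that was caught and reported. */
int guarded_query(char *out, const char *path) {
    struct sigaction sa, old;
    int rc = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(recover_point, 1) == 0) {  /* the "try" part */
        process_query(out, path);
    } else {                                 /* the "catch" part */
        rc = caught_signal;
        fprintf(stderr, "Error: signal %d caught while processing query\n", rc);
    }
    sigaction(SIGSEGV, &old, NULL);          /* restore the previous handler */
    return rc;
}

int main(void) {
    char buf[64];
    const char *sample = "d:\\http\\sample.ida";   /* constructed input */
    printf("valid buffer -> %d\n", guarded_query(buf, sample));
    printf("NULL buffer  -> %d\n", guarded_query(NULL, sample));
    return 0;
}
```

The handler only reports the fault and lets the process continue; it does not validate the input that triggered it.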
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:43 PDT