Re: MS-DOS Filename/Directory Vulnerability

• Previous message: ET LoWNOISE: "[LoWNOISE] Tomcat 3.2.1 ..0 DoS (WinNT)"
• In reply to: Felipe Moniz: "MS-DOS Filename/Directory Vulnerability"
• Next in thread: Troy Murray: "RE: MS-DOS Filename/Directory Vulnerability"
• Reply: Troy Murray: "RE: MS-DOS Filename/Directory Vulnerability"
• Reply: Alun Jones: "Re: MS-DOS Filename/Directory Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 16, 2001 at 07:08:16PM -0700, Felipe Moniz wrote:
> I tested this in the PWS (based on IIS 4) and it worked.
> 
> I created a file called "clientlist2001.txt" and with client~1.txt
> (www.site.com/client~1.txt) I get the clientlist2001.txt without know the
> complete name of the file. The problem occurs also when I type
> "postin~1.htm" for access "postinfo.html" file.

This is a known problem. There is a switch that can be thrown somewhere
(possibly only in the registry, but I thought I have seen a checkbox for
this somewhere...) that does not generate the MSDOS names on NTFS
partitions.

Microsoft has written a guide to securing WinNT; I bet they have updated
it for Win2k as well. They detail how to turn off the MSDOS filename
support in that document.

Cheers!

• Next message: Nsfocus Security Team: "NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability"
• Previous message: ET LoWNOISE: "[LoWNOISE] Tomcat 3.2.1 ..0 DoS (WinNT)"
• In reply to: Felipe Moniz: "MS-DOS Filename/Directory Vulnerability"
• Next in thread: Troy Murray: "RE: MS-DOS Filename/Directory Vulnerability"
• Reply: Troy Murray: "RE: MS-DOS Filename/Directory Vulnerability"
• Reply: Alun Jones: "Re: MS-DOS Filename/Directory Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 18:50:53 PDT