Hive: HKEY_LOCAL_MACHINE\SYSTEM
Key: \CurrentControlSet\Control\FileSystem
Name: NtfsDisable8dot3NameCreation
Type: REG_DWORD
Value: 1 (turns off 8.3 name generation, only 16 bit need).

===========================================
Troy D. Murray
Microcomputer Hardware/Software Coordinator
Michigan State University
College of Human Medicine
Department of Medicine
Immunohematology & Serology Lab
B228 Life Science
East Lansing, MI 48824-1034
(P) 517-432-3545
(F) 517-353-5436
(E) murrayt5at_private

-----Original Message-----
From: Seth Arnold [mailto:sarnoldat_private]
Sent: Thursday, August 16, 2001 7:32 PM
To: bugtraqat_private
Subject: Re: MS-DOS Filename/Directory Vulnerability

On Thu, Aug 16, 2001 at 07:08:16PM -0700, Felipe Moniz wrote:
> I tested this in the PWS (based on IIS 4) and it worked.
>
> I created a file called "clientlist2001.txt" and with client~1.txt
> (www.site.com/client~1.txt) I get the clientlist2001.txt without knowing
> the complete name of the file. The problem occurs also when I type
> "postin~1.htm" to access the "postinfo.html" file.

This is a known problem. There is a switch that can be thrown somewhere
(possibly only in the registry, but I thought I have seen a checkbox for
this somewhere...) that does not generate the MSDOS names on NTFS
partitions.

Microsoft has written a guide to securing WinNT; I bet they have updated
it for Win2k as well. They detail how to turn off the MSDOS filename
support in that document.

Cheers!
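
An added example, not part of the original thread: a log check that flags web requests whose path contains an 8.3-style alias such as the "client~1.txt" and "postin~1.htm" requests described above. The log lines are constructed, and the names ALIAS, SAMPLE_LOG, is_short_name and short_name_hits are hypothetical.

```python
import re
from urllib.parse import unquote

# A path segment shaped like an NTFS-generated 8.3 alias: a short stem, "~",
# a number, and an optional extension of at most three characters.
ALIAS = re.compile(r"^([^.~]{1,6}~\d{1,6})(?:\.[^.]{0,3})?$")

# Constructed sample in IIS W3C extended log format; not from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-08-16 19:08:16 192.0.2.10 GET /client~1.txt 200
2001-08-16 19:08:40 192.0.2.10 GET /postin~1.htm 200
2001-08-16 19:09:02 192.0.2.11 GET /clientlist2001.txt 200
2001-08-16 19:09:30 192.0.2.12 GET /~alice/index.html 200
2001-08-16 19:10:05 192.0.2.10 GET /docs/report%7E1.doc 404
"""


def is_short_name(segment):
    """True if the segment fits the 8.3 alias shape (base part <= 8 chars)."""
    m = ALIAS.match(segment)
    return bool(m) and len(m.group(1)) <= 8


def short_name_hits(log_text):
    """Return (client ip, decoded path, status) for alias-shaped requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Decode %7E and similar so an encoded "~" cannot slip past the check.
        stem = unquote(row.get("cs-uri-stem", ""))
        if any(is_short_name(seg) for seg in re.split(r"[/\\]", stem)):
            hits.append((row.get("c-ip"), stem, row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for ip, stem, status in short_name_hits(SAMPLE_LOG):
        print(f"{ip} requested {stem} -> {status}")
```

Hits are candidates for review: a file that really is named with a "~" and a number matches the same shape.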
This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 19:49:37 PDT