Bugtraq mailing list archives
Re: Nifty Security hole on Several NT Based Web Servers
From: nitin () NETSCAPE COM (nitin)
Date: Fri, 9 Jan 1998 11:27:47 -0800
We have been made aware of the problem last week (or early this week). We are planning to put out a patch for Enterprise 3.0 and Fasttrack 3.01 on NT. The patch is being built/verified currently and should be available soon.

-Nitin

Aleph One wrote:
> ---------- Forwarded message ----------
> Date: Thu, 8 Jan 1998 21:28:06 -0700
> From: Marc Slemko <marcs () ZNEP COM>
> To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
> Subject: Re: Nifty Security hole on Several NT Based Web Servers
>
> On Thu, 8 Jan 1998, Greg Skafte wrote:
>
> > A colleague of mine discovered a very interesting bug in several Web server packages. If you protect a file that is not 8.3 in its makeup you can often access the canonical name without restriction. EG: if a file is named "somelongfile.htm" and you protect it then you can access somef~1.htm if somel~1.htm is the canonical name. (don't recall the correct NT term). This also applies to directory names as well. We have notified some of the affected vendors but haven't tested all the various NT Web servers.
>
> Microsoft and Netscape have been contacted. Netscape has apparently ignored me. Well, either that or they don't like giving feedback despite the fact that I specifically asked for it and that once one vendor posts a patch, it is known for all servers.
>
> Microsoft has responded quickly and very well with excellent feedback and is working on a fix that should be available soon. Last I knew, the rough plan was early next week, however that shouldn't be taken as anything official and may change now that this information has been prematurely posted.
>
> This information was not supposed to be posted publicly until vendors had a week or so to make up a fix. Unfortunately, it's too late for that now.
>
> > Known to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website Pro don't recall the version.
>
> No. Website Pro is not impacted, at least in recent versions. It detects the attempt and explicitly denies attempts to access the short name.
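
An added example, not part of the original thread or any vendor's code: a sketch of the mitigation described above for Website Pro (detect the short name and deny it), next to the literal long-name ACL lookup that the 8.3 alias slips past. The function names, the sample ACL and the alias pattern are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Shape of an NT-generated 8.3 alias: base + "~" + digits (8 chars at most),
# then an optional extension of up to 3 chars, e.g. "somel~1.htm".
ALIAS = re.compile(r"^([^~.]{1,6})~(\d{1,6})(\.[^.]{0,3})?$")

def segments(url_path):
    """Percent-decode once, treat '\\' as '/', and split into path components."""
    decoded = unquote(url_path).replace("\\", "/")
    return [s for s in decoded.split("/") if s]

def is_short_alias(segment):
    """True when a single path component has the shape of an 8.3 alias."""
    m = ALIAS.match(segment)
    return bool(m) and len(m.group(1)) + 1 + len(m.group(2)) <= 8

def naive_is_protected(url_path, protected):
    """The flawed check: the ACL is keyed on the long name exactly as configured."""
    canonical = "/" + "/".join(segments(url_path)).lower()
    return canonical in protected

def decide(url_path, protected):
    """Deny alias-shaped components before the ACL lookup is consulted."""
    if any(is_short_alias(s) for s in segments(url_path)):
        return "deny"
    return "auth-required" if naive_is_protected(url_path, protected) else "allow"

if __name__ == "__main__":
    acl = {"/docs/somelongfile.htm"}  # constructed sample ACL, not from the thread
    for p in ["/docs/somelongfile.htm", "/docs/somel~1.htm",
              "/docs/somef%7E1.htm", "/secret~1/page.htm", "/docs/index.htm"]:
        print(f"{p:28} naive={naive_is_protected(p, acl)!s:5} decision={decide(p, acl)}")
```

A pattern filter like this also rejects legitimate long names that happen to look like an alias. Resolving the requested path to its long name through the filesystem before the ACL lookup (on Windows, `GetLongPathName`) avoids that trade-off.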