Bugtraq mailing list archives
Perl.exe and IIS security advisory
From: mnemonix () GLOBALNET CO UK (mnemonix)
Date: Fri, 22 Jan 1999 20:58:33 -0000
There is a problem with perl.exe similar to the issue discussed in KB article Q193689 where the physical disk location of a virtual web directory can be ascertained. In all versions of IIS, where a website has been configured to interpret perl scripts using the perl executable (perl.exe), a problem exists where a request for a non-existent file will return the physical location on a disk of a web directory.

A request for:

http://www.server.com/scripts/no-such-file.pl

will return information similar to the following:

CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:

Can't open perl script "C:\InetPub\scripts\no-such-file.pl": No such file or directory

Previously this was a problem when requesting a non-existent .IDC file but this was resolved with Service Pack 4.

To resolve this problem in IIS 2 and 3 you can use perlis.dll, the ISAPI version of the perl interpreter, instead of the executable. You can use this in IIS 4 as well, however, if you still want to use perl.exe you can configure IIS to check for the file's existence.

NTInfoScan, downloadable from http://www.infowar.co.uk/mnemonix/ntinfoscan.htm , checks for this problem and the .IDC issue as well as other security checks.

Cheers,
David Litchfield
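The following is an added example, not part of the original advisory and not NTInfoScan's code: a Python check that scans responses captured from your own server for the perl.exe error quoted above and reports which virtual directory leaked which physical directory. The function names, the sample responses, the UNC-path form and the HTML-unescaping step are assumptions made for the illustration.

```python
import html
import ntpath
import posixpath
import re
from urllib.parse import urlsplit

# Error text as quoted in the advisory; group 1 is the physical script path
# (drive-letter form as shown there, UNC form added as an assumption).
PERL_OPEN_ERROR = re.compile(
    r'''Can't open perl script "((?:[A-Za-z]:\\|\\\\)[^"\r\n]*)"'''
)


def find_disclosure(url, body):
    """Return the virtual -> physical mapping leaked by one response, or None."""
    # Unescape first in case the quotes arrive HTML-encoded (assumption).
    match = PERL_OPEN_ERROR.search(html.unescape(body))
    if match is None:
        return None
    physical = match.group(1)
    return {
        "url": url,
        "virtual_dir": posixpath.dirname(urlsplit(url).path) or "/",
        "physical_dir": ntpath.dirname(physical),
        "physical_path": physical,
    }


def audit(responses):
    """responses: iterable of (url, body) pairs captured from your own server."""
    return [f for f in (find_disclosure(u, b) for u, b in responses) if f]


# Constructed sample responses; the first reuses the advisory's example text.
SAMPLE_RESPONSES = [
    ("http://www.server.com/scripts/no-such-file.pl",
     "CGI Error\nThe headers it did return are:\n\n"
     + r'''Can't open perl script "C:\InetPub\scripts\no-such-file.pl": '''
     + "No such file or directory"),
    # Server configured to check that the file exists: no path in the body.
    ("http://www.server.com/scripts/also-missing.pl", "HTTP Error 404\nNot Found"),
    ("http://www.server.com/cgi-bin/x.pl",
     r"Can't open perl script &quot;D:\web\cgi-bin\x.pl&quot;: No such file"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(f'{finding["virtual_dir"]} -> {finding["physical_dir"]} ({finding["url"]})')
```

A response that yields no finding for a non-existent .pl request is what the advisory's fixes (perlis.dll, or the file-existence check in IIS 4) should produce.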