Bugtraq mailing list archives
Re: personal web server directory traversal vulnerability patch
From: Gary Flynn <flynngn () jmu edu>
Date: Sun, 17 Jun 2001 01:03:19 +0200
David Raitzer wrote:
I assembled an effective patch for the UNICODE directory traversal vulnerability issue in Microsoft Personal Web Server 4.0 for Windows 95/98, which was noted previously on this list. It can be downloaded at: http://www.geocities.com/p_w_server/pws_patch/index.htm
David,

I was spending my morning trying to decide how to address this issue and saw your email. Talk about timing. :)

Being responsible (paranoid?), I wanted to verify the patch files against the Microsoft equivalents. I had assumed that you mixed and matched existing Microsoft dlls and exes from the various patches and created your own installer.

I unpackaged the -010 and -078 patches and tried to do file compares. Many of the .DLL files in your package didn't match files in either Microsoft package. I also couldn't find some of the version numbers included in your package on the Microsoft DLL Help database.

Anyway, I was curious where these files came from. Did you use a binary editor to patch them or recreate them from scratch somehow? Or am I just looking in the wrong places?

thanks,

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml

----- End forwarded message -----
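The file comparison described in the message above (checking each file in a third-party patch against the copies unpacked from the vendor's own packages) can be scripted. This is an added example, not part of the original message or of either package; the directory layout, package labels and file names are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def index_vendor(vendor_dirs):
    """Map lower-cased file name -> {sha256: label of the vendor package}."""
    index = {}
    for label, root in vendor_dirs.items():
        for path in Path(root).rglob("*"):
            if path.is_file():
                index.setdefault(path.name.lower(), {})[sha256_of(path)] = label
    return index

def classify(candidate_dir, vendor_dirs):
    """Return {file name: verdict} for each file in the third-party package."""
    index = index_vendor(vendor_dirs)
    verdicts = {}
    for path in sorted(p for p in Path(candidate_dir).rglob("*") if p.is_file()):
        known = index.get(path.name.lower())  # Windows file names ignore case
        digest = sha256_of(path)
        if known is None:
            verdicts[path.name] = "no vendor file of this name"
        elif digest in known:
            verdicts[path.name] = "identical to " + known[digest]
        else:
            verdicts[path.name] = "MISMATCH: differs from every vendor copy"
    return verdicts

def demo():
    """Classify constructed sample trees (placeholder names, not real PWS files)."""
    files = {
        "vendor_a/example1.dll": b"vendor build 1",
        "vendor_b/EXAMPLE2.DLL": b"vendor build 2",
        "candidate/example1.dll": b"vendor build 1",
        "candidate/example2.dll": b"edited build",
        "candidate/setup.exe": b"custom installer",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        vendors = {"package A": Path(tmp, "vendor_a"), "package B": Path(tmp, "vendor_b")}
        return classify(Path(tmp, "candidate"), vendors)

if __name__ == "__main__":
    print("\n".join(f"{name}: {verdict}" for name, verdict in demo().items()))
```

A MISMATCH verdict is the case the message reports: a file that shares its name with a vendor file but not its content, which is the one that needs an explanation of provenance before it is installed.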
Current thread:
- personal web server directory traversal vulnerability patch David Raitzer (Jun 14)
- Re: personal web server directory traversal vulnerability patch Gary Flynn (Jun 15)
- <Possible follow-ups>
- RE: personal web server directory traversal vulnerability patch Dinos Pastos (Jun 15)
- Re: personal web server directory traversal vulnerability patch Gary Flynn (Jun 18)