Security Incidents mailing list archives
Frontpage Exploits
From: kmccammon () TIDALWAVE NET (Keith McCammon)
Date: Wed, 19 Apr 2000 10:37:05 -0400
Hey all, We are running a FrontPage server (not necessarily by choice). This morning, the sites on the machine began requesting NT challenge/response to browse sites. It appears that eh IUSR/IWAM accounts were no longer in the NTFS permissions for parent directory. Anyone know of any exploits to summarily replace NTFS permissions on a FrontPage Server? A separate exploit also stops all sites from serving - a past problem that we think we fixed. Can't hurt to have that info anyway. MACHINE: NT 4.0, SP6, MDAC 2.1, running Serv-U FTP (also latest version, fully patched). All known hotfixes in place. Thanks, Keith W. McCammon Network Administrator Quantum Communications, Inc.
Current thread:
- CGI scans from Strauss.udel.edu -- They're back Jose Nazario (Apr 14)
- Re: CGI scans from Strauss.udel.edu -- They're back Tom Perrine (Apr 15)
- Re: CGI scans from Strauss.udel.edu -- They're back Matthew S. Hallacy (Apr 16)
- Re: CGI scans from Strauss.udel.edu -- They're back Omachonu Ogali (Apr 18)
- Rapid Web page harvesting, probably by marketing firm Brett Glass (Apr 18)
- Frontpage Exploits Keith McCammon (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Elliot L. Tobin (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Dragos Ruiu (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Ryan Russell (Apr 18)
- Re: CGI scans from Strauss.udel.edu -- They're back Bryan Seitz (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Marcelo Magnasco (Apr 18)
- Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 18)
- Re: Rooted through in.identd on Red Hat 6.0 Sebastian (Apr 20)
- Re: Rooted through in.identd on Red Hat 6.0 Dmitry Alyabyev (Apr 20)
- RH6.1/IPChains box hacked J. J. Horner (Apr 20)
- Re: RH6.1/IPChains box hacked Jon Lewis (Apr 21)