Vulnerability Development mailing list archives
Re: more iis-unicode questions
From: JRC - Techno Logic Consulting <jcribb () tlc-sa com ar>
Date: Thu, 26 Oct 2000 12:10:19 -0300
You must remove the rights for EVERYONE in your files outside from INETPUB. ----- Original Message ----- From: "J. J. Horner" <jhorner () 2jnetworks com> To: "JRC - Techno Logic Consulting" <jcribb () tlc-sa com ar> Cc: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, October 26, 2000 11:33 AM Subject: Re: more iis-unicode questions
What permissions stop the attack? I've seen machines that aren't
vulnerable before patching,
and I've seen machines with SP5 patched and still vulnerable. Any ideas? Jon On Thu, Oct 26, 2000 at 07:47:53AM -0300, JRC - Techno Logic Consulting
wrote:
Yes, I was tested with several Servers and works. But, when the security
rights of the files in the server was correctly configured, the security stops the atack.
----- Original Message ----- From: aliver vilereal To: VULN-DEV () SECURITYFOCUS COM Sent: Wednesday, October 25, 2000 11:10 PM Subject: more iis-unicode questions has anyone seen the iis-unicode exploit run over https? i'm not crazy
for thinking it is possible am i? i'm sorry to keep asking questions of the list, but i haven't been able to install iis and test these things, becasuse i am away from where my disk is.
thanks again aliver vilereal ubermother-- J. J. Horner jjhorner () bellsouth net System has been up: 20 days.
Current thread:
- more iis-unicode questions aliver vilereal (Oct 26)
- Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
- Re: more iis-unicode questions Erik Tayler (Oct 27)
- Re: more iis-unicode questions J. J. Horner (Oct 27)
- Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
- <Possible follow-ups>
- Re: more iis-unicode questions Fleck, Michael (Oct 27)
- Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)