-Nitin
Aleph One wrote:
> ---------- Forwarded message ----------
> Date: Thu, 8 Jan 1998 21:28:06 -0700
> From: Marc Slemko <marcs@ZNEP.COM>
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: Re: Nifty Security hole on Several NT Based Web Servers
>
> On Thu, 8 Jan 1998, Greg Skafte wrote:
>
> > A collegue of mine discovered a very interesting bug in several Web
> > server packages. if you protect a file that is not 8.3 in its makeup
> > you can often access the canonical name without restriction. EG:
> >
> > if a file named "somelongfile.htm" and you protect it then you can
> > access somef~1.htm if somel~1.htm is the canonical name. (don't recall
> > the corect NT term). This also applies to directory names as well.
> >
> > We have notified some of the affected vendors but haven't tested all
> > the various NT Web servers.
>
> Microsoft and Netscape have been contacted.
>
> Netscape has apparently ignored me. Well, either that or they don't like
> giving feedback despite the fact that I specifically asked for it and that
> once one vendor posts a patch, it is known for all servers.
>
> Microsoft has responded quickly and very well with excellent feedback and
> is working on a fix that should be available soon. Last I knew, the rough
> plan was early next week, however that shouldn't be taken as anything
> official and may change now that this information has been prematurely
> posted.
>
> This information was not supposed to be posted publicly until vendors had
> a week or so to make up a fix. Unfortunately, it's too late for that now.
>
> >
> > Know to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website
> > Pro don't recall the version.
>
> No. Website Pro is not impacted, at least in recent versions. It detects
> the attempt and explicitly denies attempts to acccess the short name.