Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Alert: Microsoft Security Notification service

Re: Alert: Microsoft Security Notification service

Aleph One (aleph1DFW.NET)
Wed, 1 Jul 1998 21:38:09 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brian Martin: "RSI.0005.05-14-98.SUN.LIBNSL (w/ errata)"
Previous message: Aleph One: "ASP vulnerability with Alternate Data Streams"

---------- Forwarded message ----------
Date: Wed, 1 Jul 1998 22:30:57 -0400
From: Russ <Russ.CooperRC.ON.CA>
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: Re: Alert: Microsoft Security Notification service

First, a clarification to the "Disable READ Access" workaround
statement.

You can prevent the ASP's from being viewed by disabling READ access
within MMC for the ASPs. If you disable READ access for your entire site
(or all files, like .gif, .htm, .etc) then those files will not be
displayed at all.

ASPs need execute only, all non-executing files need READ access to
display normally.

Second, Microsoft have been notified. Expect a fix announcement shortly.

Third, I was able to talk to Bob Denny (author of O'Reilly's WebSite
Pro), it is not affected by this exploit. I was not able to find a
contact at Netscape to ask.

Cheers,
Russ

Next message: Brian Martin: "RSI.0005.05-14-98.SUN.LIBNSL (w/ errata)"
Previous message: Aleph One: "ASP vulnerability with Alternate Data Streams"