Subject: FW: Translate:f summary, history and thoughts
From: Russ (Russ.Cooper RC.ON.CA)
Date: Tue Aug 15 2000 - 19:42:02 CDT
- Next message: Ingo Wupper: "Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability [virus checked]"
- Previous message: Ben Lull: "[Fwd: Stack Overflow Vulnerability in procps's top]"
- Maybe in reply to: Daniel Dočekal: "Translate:f summary, history and thoughts"
- Next in thread: SMILER: "Re: Translate:f summary, history and thoughts > Simple perl script exploit for the problem."
- Maybe reply: Russ: "FW: Translate:f summary, history and thoughts"
-----Original Message-----
From: Russ [mailto:Russ.Cooper RC.ON.CA]
Sent: Tuesday, August 15, 2000 4:48 PM
To: NTBUGTRAQ LISTSERV.NTBUGTRAQ.COM
Subject: Re: Translate:f summary, history and thoughts

To be clear, there are two distinct vulnerabilities being referred to by
Daniel called "TRANSLATE:f"

1. IIS 4.0/IIS 5.0 and virtual directories residing on UNC shares, patched
by MS00-019.
2. IIS 5.0 (with or without MS00-019) patched by SP1 or MS00-058.

IIS 4.0 boxes patched with MS00-019 are not vulnerable to the issues
addressed by MS00-058 (which explains why there isn't an IIS 4.0 version of
it).

IIS 5.0 boxes patched with MS00-019 are vulnerable to the issues addressed
by MS00-058, whether or not their ASP source resides on a UNC share or not.

So, wrt MS00-058, IIS 4.0 users need do nothing (other than be sure you've
gotten all of the other patches you should have). IIS 5.0 users should apply
SP1 or the patch referred to in MS00-058.

Some IIS users have told me that even after applying the appropriate fixes
they are still vulnerable to Daniel's Translate:f tests. This is because
other security steps have not been implemented on your systems to ensure
that ASP source is not available upon request (namely incorrect permissions
on web directories or files).

Hopefully we won't be visiting this issue again in a year as another
"RDS-like" problem that nobody has remembered to fix.

Cheers,
Russ - NTBugtraq Editor