|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Questions regarding recent IIS vulnerabilities
Subject: Questions regarding recent IIS vulnerabilities
From: Brian Baker (bbaker
ATEAM.COM)
Date: Thu Dec 23 1999 - 09:38:14 CST
- Next message: Dan Ritter: "other domain userids dumped with pwdump2"
- Previous message: Undetermined origin c/o LISTSERV administrator: "Bypass Virus Checking under 95/98/NT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tuesday, Dec. 21, Microsoft posted 2 new security bulletins describing
vulnerabilities in IIS. After reading these bulletins, I still am unclear
on a couple issues:
(1) Re: MS99-058 -- "Virtual Directory Naming" Vulnerability
A line in this bulletin reads as follows:
********************************
This vulnerability would be most likely to occur due to administrator error,
or if a product generated an affected virtual directory name by default.
(Front Page Server Extensions is one such product).
********************************
This seems to indicate that any IIS server with FP server extensions would
be vulnerable. Does anyone have specifics on which default virtual
directories the FP server extensions create that would fall in this
category?
(2) Re: MS99-061 -- "Escape Character Parsing" Vulnerability
The FAQ (http://www.microsoft.com/security/bulletins/MS99-061faq.asp) for
this bulletin contains this statement:
********************************
If you are running any third-party product atop IIS, you should assume that
it is affected. Even if it currently is not, there is no guarantee that a
future version of the same product wouldn’t be affected. Likewise, you might
choose to install another third-party product that is affected at some
future point.
********************************
I'd like to know of any third-party products that are affected. MS seems to
indicate that there are some already on the market that are exploitable,
otherwise the exploit probably would not have been uncovered. Yet Microsoft
does not give any indication as to what these products might be. Any
insight here would be appreciated as well.
Brian Baker
- Next message: Dan Ritter: "other domain userids dumped with pwdump2"
- Previous message: Undetermined origin c/o LISTSERV administrator: "Bypass Virus Checking under 95/98/NT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Fri Dec 24 1999 - 10:59:26 CST