Serious Security Flaws in NT Webservers

Thunderstone
Site Admin
Posts: 2504
Joined: Wed Jun 07, 2000 6:20 pm


Post by Thunderstone »




There are two recently discovered bugs that could threaten the
security of NT based webservers. We have not yet assessed the
potential ramifications of these bugs with respect to Thunderstone's
products but felt that you should be aware of them.

BUG 1:

If you are using almost any Webserver except IIS and you have .asp pages,
or other kinds of scripts, on your site, in the directory that your website
is served from.

By adding a period '.' to the end of a URL that would otherwise be
denied access, a browser may obtain the source to that script.
If that source has passwords or other sensitive data in it, you've
got trouble.

EG: change "www.yoursite.com/logon.asp" to "www.yoursite.com/logon.asp."

This bug stems from inherited legacy DOS code for 8.3 type filename processing.
Microsoft found and silently corrected this hole in IIS but not the OS which
is why everyone but Microsoft has the bug.

BUG 2:

On Microsoft IIS Servers only. If you add the string "::$DATA" to the end
of any script name URL you will receive the source code to that application.
This hole has all of the same security threats implicit in BUG1.

EG: change http://www.nasdaq.com/asp/quotes_quick.asp
to http://www.nasdaq.com/asp/quotes_quick.asp::$DATA

It worked this morning on these pages too:

www.microsoft.com/default.asp::$DATA
www.activestate.com/lyris/lyris.pl::$DATA


Good luck,
Thunderstone
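
Added example, not part of the original post: a check over web server access logs for the two request patterns described in BUG 1 and BUG 2 above. The log lines are constructed samples in Common Log Format, and the function names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify_path(target):
    """Return which bug a request target matches, or None."""
    # Match on the percent-decoded path, without the query string.
    path = unquote(target.split("?", 1)[0])
    last = path.rsplit("/", 1)[-1]  # only the final segment names a file
    if "::$data" in last.lower():
        return "BUG 2 (::$DATA suffix)"
    # Ignore "", "." and ".." so directory requests are not flagged.
    if last.endswith(".") and last.strip("."):
        return "BUG 1 (trailing period)"
    return None

def scan(lines):
    """Return (reason, target, status) for every matching request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # not a request line this parser understands
        reason = classify_path(m.group("target"))
        if reason:
            hits.append((reason, m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation-range addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:09:12:01 +0000] "GET /logon.asp HTTP/1.0" 200 1843',
    '192.0.2.10 - - [01/Jan/2000:09:12:09 +0000] "GET /logon.asp. HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:09:13:40 +0000] "GET /asp/quotes_quick.asp::$DATA HTTP/1.0" 200 7311',
    '198.51.100.7 - - [01/Jan/2000:09:13:55 +0000] "GET /asp/quotes_quick.asp%3A%3A%24data?x=1 HTTP/1.0" 404 312',
    '192.0.2.44 - - [01/Jan/2000:09:15:02 +0000] "GET /images/ HTTP/1.0" 200 950',
]

if __name__ == "__main__":
    for reason, target, status in scan(SAMPLE_LOG):
        # A 200 means the server answered the request instead of refusing it.
        note = "served" if status == 200 else "not served"
        print(f"{reason:24} {status} {note:11} {target}")
```

A hit with status 200 is the case to review first, since the server answered the request.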




Post by Thunderstone »



But 2 only seems to affect IIS versions prior to 4.0



Post by Thunderstone »




I've seen it on at least one NT box running IIS 4.0.

-Kai



Post by Thunderstone »



It affects both versions 3 and 4, if the right conditions are met. You
can read details on how to solve this in Microsoft's Knowledge Base,
article Q188806.

Kevin Cook said:

