[2303] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Microsoft IIS vv. 1.x, 2.0b New Security Bugs Alert.

daemon@ATHENA.MIT.EDU (. Andy Baron)
Tue Jul 2 20:25:36 1996

Date: Tue, 02 Jul 1996 19:13:39 -0400
To: www-security@ns2.rutgers.edu
From: baron@box.omna.com (. Andy Baron)
Errors-To: owner-www-security@ns2.rutgers.edu

   Sorry, the exit at the end of the BAT can not be considered as a good protection since bugs #2 and #3: anyone can create new BAT file in your /cgi-bin directory without "exit" at the end.

At 06:06 PM 7/1/96 GMT, you wrote:
>>...
>>        http://www.omna.com/msiis/
>>...
>
>You seem to have forgotten to publish one of the work-arounds:
>
>  Put EXIT at the end of your batch files!
>
>And check out http://www.softshore.com.au/cgi-bin/PEARL.BAT?
>
>- G.
>

   Sincerely,
   Andy


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2303] in WWW Security List Archive

Re: Microsoft IIS vv. 1.x, 2.0b New Security Bugs Alert.

daemon@ATHENA.MIT.EDU (. Andy Baron)Tue Jul 2 20:25:36 1996

daemon@ATHENA.MIT.EDU (. Andy Baron)
Tue Jul 2 20:25:36 1996