[10849] in bugtraq


Filter Patch for .HTR requests... keeps server functionality.

daemon@ATHENA.MIT.EDU (eEye - Digital Security Team)
Thu Jun 17 12:24:29 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <00ac01beb86a$25486c20$abd40018@CORE.EEYE>
Date: 	Thu, 17 Jun 1999 02:36:03 -0000
Reply-To: eEye - Digital Security Team <eeye@EEYE.COM>
From: eEye - Digital Security Team <eeye@EEYE.COM>
To: BUGTRAQ@NETSPACE.ORG

This is a quick fix to allow .htr files, therefore not breaking
functionality such as /iisadmpwd/. Some companies were asking if there was a
possible way to fix the .htr hole without removing the .htr ISAPI filter.
Here is the fix to do so.

The filter patch we created will limit all .htr requests to 255 characters,
therefore if someone tries the overflow it will get cut off and will never
happen. Also, the IP address of the person trying the overflow is logged in
the application log file along with the actual query.

Credits:

This is a modification of ASPBUGFILTER by Christoph Wille
Christoph.Wille@softwing.com, AUSTRIA.
The fix was inspired by Brett Glass brett@lariat.org and Niall McKay
niall@niall.org.

For the Patch and Source visit:
http://www.eeye.com/database/advisories/ad06081999/ad06081999-ogle.html

If you find any bugs in it send an email to alert@eEye.com

eEye Digital Security Team
http://www.eEye.com

P.S.
This is not a perfect patch as there are more overflows in ism.dll than just
.htr extensions... but this patch is a lot better than current
recommendations and it is open source so you can hack it up to do whatever
you like... maybe redirect people to a page telling them they have been
logged or some "scary" thing.

P.P.S.
While we are posting we would like to thank the security community for their
positive response and helpfulness over the last couple of days.
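The mechanism the post describes (limit .htr requests to 255 characters, log the client IP and the query for anything over the limit, leave every other request alone) can be shown as plain decision logic. The block below is an added example written for this archive page; it is not eEye's filter or the ASPBUGFILTER code it was derived from, and it is not an ISAPI filter: it only implements the check a filter would apply to one request, so it compiles and runs anywhere. It assumes the 255-character limit is measured over the request URI (path plus query) and that an over-limit .htr request is rejected rather than truncated; the function names, the client address 192.0.2.10 and the sample URIs are all constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Limit quoted in the post: .htr requests longer than this are not
   passed through. Assumption: the limit is applied to the request URI. */
#define HTR_MAX_LEN 255

/* 1 if the first `len` bytes of `path` end in ".htr" (any case), else 0.
   Only the path is inspected, so a ".htr" inside the query string does
   not trigger the filter. */
static int path_is_htr(const char *path, size_t len)
{
    const char *ext = ".htr";
    size_t n = strlen(ext);
    if (len < n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[len - n + i]) != ext[i])
            return 0;
    return 1;
}

/* Filter decision for one request (hypothetical helper, not ISAPI).
   Returns 1 if the request must be blocked, 0 if it passes untouched.
   `url` is the request URI (path, optionally followed by ?query).
   On a block, a log line with client IP and the query is written to
   `logbuf` when one is supplied. */
int htr_filter_check(const char *client_ip, const char *url,
                     char *logbuf, size_t logsz)
{
    size_t urllen = strlen(url);
    const char *q = strchr(url, '?');
    size_t pathlen = q ? (size_t)(q - url) : urllen;

    if (!path_is_htr(url, pathlen))
        return 0;               /* not .htr: server functionality untouched */
    if (urllen <= HTR_MAX_LEN)
        return 0;               /* .htr, but within the limit: allowed */

    if (logbuf && logsz)
        snprintf(logbuf, logsz,
                 "htr-filter: blocked %zu-byte .htr request from %s: %.80s",
                 urllen, client_ip, url);
    return 1;
}

/* Constructed sample: an .htr request whose URI is far over the limit. */
int demo_long_htr_request(char *logbuf, size_t logsz)
{
    char url[320];
    memset(url, 'A', sizeof url);
    memcpy(url, "/x.htr?", 7);
    url[sizeof url - 1] = '\0';          /* 319-character URI */
    return htr_filter_check("192.0.2.10", url, logbuf, logsz);
}

/* Constructed sample: an equally long request that is not .htr at all;
   the filter must leave it alone. */
int demo_long_nonhtr_request(void)
{
    char url[320];
    memset(url, 'A', sizeof url);
    memcpy(url, "/a.asp?", 7);
    url[sizeof url - 1] = '\0';
    return htr_filter_check("192.0.2.10", url, NULL, 0);
}

/* 1 if the log line produced for the blocked sample names the client. */
int demo_log_mentions_client(void)
{
    char line[256];
    if (!demo_long_htr_request(line, sizeof line))
        return 0;
    return strstr(line, "192.0.2.10") != NULL;
}

int main(void)
{
    char line[256];
    if (demo_long_htr_request(line, sizeof line))
        puts(line);
    return 0;
}
```

Run stand-alone it prints the single log line for the oversized sample; short .htr requests such as the password-change pages under /iisadmpwd/ pass through, which is the point of the patch over simply unmapping the .htr extension.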
