[13403] in bugtraq
IIS still revealing paths for web directories
daemon@ATHENA.MIT.EDU (Michael Howard)
Tue Jan 18 11:57:46 2000
Mime-Version: 1.0
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_0035_01BF6110.52603130"
Message-Id: <BBE1B65AF746D111868B00805FFEEF641D7271D7@RED-MSG-53>
Date: Mon, 17 Jan 2000 17:28:43 -0800
Reply-To: Michael Howard <mikehow@MICROSOFT.COM>
From: Michael Howard <mikehow@MICROSOFT.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_0035_01BF6110.52603130
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
here's the low-down.
1) if you don't use ida or idq files then nuke the mappings in iis.
2) if you do use them, then make sure the "Check file exists" option is
checked
3) we are working on a fix and doing 'due-diligence' to make sure
there's nothing similar or regressions
4) we'll post the fix once (3) is complete
thanks!
Cheers, Michael Howard
Windows 2000 Security
Got an 'Access Denied' problem? Check the appropriate logs first!
------=_NextPart_000_0035_01BF6110.52603130
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF3jCCAsIw
ggIroAMCAQICAwHA0DANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl
c3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UE
CxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAx
OTk5LjkuMTYwHhcNOTkxMjAxMjMxMjQ4WhcNMDAxMTMwMjMxMjQ4WjBiMQ8wDQYDVQQEEwZIb3dh
cmQxEDAOBgNVBCoTB01pY2hhZWwxFzAVBgNVBAMTDk1pY2hhZWwgSG93YXJkMSQwIgYJKoZIhvcN
AQkBFhVtaWtlaG93QG1pY3Jvc29mdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYK
oXyl6I4H5296NPsyNnef5TRdcFL/646dZl+4q0LzUTn96wBVisskVl19xR31szqrBjc0kuLWBVNX
dv0hNeCT4IBYgC1TX1vsvbGSiFWer5/En3xgxHG94k41LE9gFql983UJDYNga3w7p9/tQYMV3tKE
LMX3zL3fNbcjydHFAgMBAAGjUzBRMCAGA1UdEQQZMBeBFW1pa2Vob3dAbWljcm9zb2Z0LmNvbTAM
BgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFIir8WCDZlX05FjHRh3AYb0j18OMMA0GCSqGSIb3DQEB
BAUAA4GBABDye9MyMkotv3FV+DDhQtflmm4jj7o3hgapUCjNci9n5U/oE+i9K8ClvNBUYXu3zS+l
tXB5T22Eg3gZV9S/iggpdkpKOcq0MAonEMMdi2QaY/H5nUGqaxgehtFzg/4Sm9wGFMVrNQpQbQ+m
8X9TLpI+Ray+u+uyQGIrQspBmNgJMIIDFDCCAn2gAwIBAgIBCzANBgkqhkiG9w0BAQQFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRow
GAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
cyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZI
hvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTk5MDkxNjE0MDE0MFoXDTAx
MDkxNTE0MDE0MFowgZQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNV
BAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNl
cnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMTk5OS45LjE2MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQCzaVqX1NAWC3q1xV3pIZwjcs0STEv3fs/H+8pyJPRCUqxXleN7
YXoXhOf9cjk4lLTq7WWnkgZeveBl9hm7lHl2TD65aHB1hBz0EXQAvAUsTwkDFzHM9EHUcsamXeKI
RLCLLsRN8fDWhT5s85WUeJF+QOmc0Y0VV47Cc+Uw3kb1TwIDAQABozcwNTASBgNVHRMBAf8ECDAG
AQH/AgEAMB8GA1UdIwQYMBaAFHJJwnM0xlX0C3ZygX539IfnxrIOMA0GCSqGSIb3DQEBBAUAA4GB
AGvGWekx+um27LED2N9ycv6RYEjqxlXde/BnjsZhcOdtwqU32J23FyhWBYvdXHVvxpGQxmxmcRPQ
EHxrkW+G4CE2LcHX6rIJrc8tbcaDUpv7u/6ch538t+l0kuRcl678fqzKDW9yemcsa3P1hvmd9QBu
9B0Hzp2egmMp75MJflXeMYICrjCCAqoCAQEwgZwwgZQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxX
ZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNV
BAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0Eg
MTk5OS45LjE2AgMBwNAwCQYFKw4DAhoFAKCCAWcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMDAwMTE4MDEyODUxWjAjBgkqhkiG9w0BCQQxFgQUqXpEL+F4Z4XLgGQB
Nz4Z5MK+2UYwWAYJKoZIhvcNAQkPMUswSTANBggqhkiG9w0DAgIBKDAKBggqhkiG9w0DBzAOBggq
hkiG9w0DAgICAIAwBwYFKw4DAgcwBwYFKw4DAhowCgYIKoZIhvcNAgUwga0GCSsGAQQBgjcQBDGB
nzCBnDCBlDELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVy
YmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMx
KDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAxOTk5LjkuMTYCAwHA0DANBgkqhkiG9w0B
AQEFAASBgG0oPXafwQcrELMtyyqayB20BlcZau5A2AZQYK/fuQPUXVFrCj0mlP4ouZww7TG+bbH+
946u0zoRAroNHyo9qKdGkn3x844v9Eyh/4SH229otkMX+glObfgP6G1oAM4PxPyfCitaJFprVboc
0HR3M+dBk/O2dHxPNHiECwNcMxByAAAAAAAA
------=_NextPart_000_0035_01BF6110.52603130--
