[13976] in bugtraq


Re: Doubledot bug in FrontPage FrontPage Personal Web Server.

daemon@ATHENA.MIT.EDU (Alexander Kiwerski)
Wed Feb 23 00:18:47 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id:  <4.2.0.58.20000221125342.009a3e80@noc.seattle.winstar.net>
Date:         Mon, 21 Feb 2000 12:55:10 -0800
Reply-To: Alexander Kiwerski <alex@WINSTAR.NET>
From: Alexander Kiwerski <alex@WINSTAR.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.3.96.1000218220842.27959C-100000@zothommog.evcom.net>

Is there a fix or patch for this bug? I haven't been able to find any
direct information on what versions aren't affected by this bug. I know a
couple of people that run small websites using this thing (unfortunately).

-Alexander Kiwerski


At 10:10 PM 2/18/00 -0500, Jeff Dafoe wrote:
>On Fri, 18 Feb 2000, GALES,SIMON (Non-A-ColSprings,ex1) wrote:
>
>         I was able to reproduce this on a PWS installation under Win98
>second edition.
>
>
>Jeff Dafoe
>System Administrator
>Evolution Communications, Inc.
>
>
> > Does this only occur on Win9x?  Has anyone been able to reproduce this?
> > Jan, which OS/SP were you running?
> >
> > I vaguely remember some discussion (in BugTraq or NTBugTraq maybe?) about
> > using "..." and/or "...." from the command prompt, and this is probably tied
> > to that problem.
> >
> > G. Simon Gales
> > george_gales@non.hp.com
> >
> > -----Original Message-----
> > From: Jan van de Rijt [mailto:rijt@WISH.NET]
> > Sent: Tuesday, February 15, 2000 6:16 PM
> > To: BUGTRAQ@SECURITYFOCUS.COM
> > Subject: Doubledot bug in FrontPage FrontPage Personal Web Server.
> >
> >
> > Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
> > Compromise: Accessing drive through browser.
> > Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
> > Details:
> > When FrontPage-PWS runs a site on your c:\ drive your drive could be
> > accessed by any user accessing your page, simply by requesting any file in
> > any directory except the files in the FrontPage dir. specially /_vti_pvt/.
> >
> > How to exploit this bug?
> > Simply adding /..../ in the URL addressbar.
> >
> > http://www.target.com/..../<any_dir>/<any_file>
> >
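
Added example (not part of the original messages): a Python check, written from the report above, that flags request paths containing a segment made only of two or more dots, such as the "...." in the reported URL, and runs it over constructed access-log lines. The log format (Common Log Format), the client addresses and the file names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# A path segment consisting only of dots, two or more: "..", "...", "....".
DOT_SEGMENT = re.compile(r"\.{2,}")

# Client address and request path from a Common Log Format line (assumed format).
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')


def has_dot_segment(url_path):
    """Return True if any segment of the path is dots-only after decoding."""
    path = url_path.split("?", 1)[0]      # ignore the query string
    decoded = unquote(path)               # %2e%2e is the same request as ..
    segments = re.split(r"[/\\]", decoded)  # Windows accepts / and \
    return any(DOT_SEGMENT.fullmatch(seg) is not None for seg in segments)


def flag_requests(log_lines):
    """Return (client, path) for every logged request with a dots-only segment."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and has_dot_segment(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample log lines (documentation addresses, made-up files).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2000:12:55:10 -0800] "GET /index.htm HTTP/1.0" 200 1043',
    '192.0.2.44 - - [21/Feb/2000:12:56:02 -0800] "GET /..../dir/file.txt HTTP/1.0" 200 512',
    '192.0.2.10 - - [21/Feb/2000:12:57:30 -0800] "GET /files/v1..2/readme.txt HTTP/1.0" 200 88',
    '192.0.2.44 - - [21/Feb/2000:12:58:11 -0800] "GET /%2e%2e%2e%2e/dir/file.txt HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, path in flag_requests(SAMPLE_LOG):
        print(client, path)
```

The same predicate can be used in front of the server to refuse such requests before the path reaches the file system, since a file name that merely contains dots (the third sample line) is not flagged.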
