Another IIS hole discovered

— 3:07 AM on May 16, 2001

No, it's not an old-news backdoor, but a simple glitch that can be fixed with patches found in this Microsoft security bulletin. The Reg has the following explanation.

When an obfuscated file name passes the first decoding, which, among other things, searches for .com and .exe extensions, a second, superfluous decoding restores the original name and grants access to the executable file, handily enabling an attacker to carry out a directory traversal and run arbitrary code outside the Web directory.

The vulnerability enables the execution of arbitrary code, denial of service attacks, and data disclosure -- which is a total drag if you have a file full of credit card details somewhere on your server.

I do have to wonder how many admins will simply fail to administer this patch, and end up as a news story themselves a week or two from now when the world comes crashing down around them.
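The check-then-decode-again ordering described in The Reg's explanation, as an added example (not code from the article or from Microsoft's bulletin): a simplified Python model showing the flawed order beside a version that rejects any name a second decode would change. The web root, function names and request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # hypothetical web root (assumption for this example)

def is_safe(path):
    """Policy check: no parent-directory segments, no .exe/.com targets."""
    segments = path.replace("\\", "/").split("/")
    return ".." not in segments and not path.lower().endswith((".exe", ".com"))

def resolve_flawed(raw):
    """Check after the first decode, then decode again before use (the bug)."""
    once = unquote(raw)
    if not is_safe(once):
        return None
    twice = unquote(once)  # superfluous second decode, result never re-checked
    return posixpath.normpath(posixpath.join(WEB_ROOT, twice.lstrip("/")))

def resolve_hardened(raw):
    """Decode exactly once, reject leftovers, check the path actually opened."""
    once = unquote(raw)
    if unquote(once) != once:  # a second decode would change it: reject
        return None
    if not is_safe(once):
        return None
    full = posixpath.normpath(posixpath.join(WEB_ROOT, once.lstrip("/")))
    # Containment check on the canonical path, not on the raw request.
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None
    return full

# Constructed sample requests (not taken from the bulletin or the article).
SAMPLES = [
    "/scripts/index.html",
    "/scripts/..%2f..%2ftools/run%2eexe",      # single-encoded: caught by both
    "/scripts/..%252f..%252ftools/run%252eexe",  # double-encoded: passes flawed check
]

def compare():
    """Return (request, flawed result, hardened result) for each sample."""
    return [(s, resolve_flawed(s), resolve_hardened(s)) for s in SAMPLES]

if __name__ == "__main__":
    for raw, flawed, hardened in compare():
        print(f"{raw!r}: flawed={flawed!r} hardened={hardened!r}")
```

The double-encoded sample passes the flawed check because the name is still encoded when it is inspected, and the second decode then yields an executable path outside the web root.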