From: Ray Arachelian <sunder@brainlink.com>
To: cypherpunks@toad.com
Message Hash: 524a9f1174cb8771f3bf366d392a9aa493284a806f6eeb1e6bff9b62805e9c5d
Message ID: <Pine.SUN.3.91.970220132719.13984K-100000@beast.brainlink.com>
Reply To: N/A
UTC Datetime: 1997-02-20 18:24:57 UTC
Raw Date: Thu, 20 Feb 1997 10:24:57 -0800 (PST)
Subject: [NTSEC] ! [ADVISORY] Major Security Hole in MS ASP (fwd)
MIME-Version: 1.0
Content-Type: text/plain
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\.
..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/.
.+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================
---------- Forwarded message ----------
Date: Thu, 20 Feb 1997 11:39:01 -0600
From: Mark Joseph Edwards <mark@ntshop.net>
To: "'bugtraq@netspace.org'" <bugtraq@netspace.org>
Cc: "'ntbugtraq@rc.on.ca'" <ntbugtraq@rc.on.ca>,
"'ntsecurity@iss.net'" <ntsecurity@iss.net>
Subject: [NTSEC] ! [ADVISORY] Major Security Hole in MS ASP
MICROSOFT IIS AND ACTIVE SERVER ADVISORY
Security Hole in ASP Discovered in Microsoft ASP
February 20, 1997
DESCRIPTION
A serious security hole was found in Microsoft's Active Server Pages (ASP) by Juan T. Llibre <j.llibre@codetel.net.do>. This hole allows Web clients to download unprocessed ASP files, potentially exposing user IDs and passwords. ASP files are the common file type used by Microsoft's IIS and Active Server to perform server-side processing.
HOW IT WORKS
To download an unprocessed ASP file, simply append a period to the ASP URL. For example, <http://www.domain1.com/default.asp> becomes <http://www.domain1.com/default.asp.>. With the period appended, Internet Information Server (IIS) will send the unprocessed ASP file to the Web client, where the source of the file can be examined at will. If the source includes any security parameters designed to allow access to other system processes, such as an SQL database, they will be revealed.
DEFENSE
There are two known ways to stop this behavior:
1. Turn off read permissions on the ASP directory in the Internet Service Manager. This may not be a practical solution since many sites mix ASP and HTML files. If your site mixes these files together in the same directories, you may want to segregate them immediately. Now and in the future, treat your ASP files like any other Web-based executable, and keep them in separate directories wherein permissions can be adjusted accordingly.
2. Download this filter written by Christoph Wille <Christoph.Wille@unileoben.ac.at>, which can be found at http://www.ntshop.net/security/tools/sechole.zip or at http://www.genusa.com/asp/patch/sechole.zip
END OF ADVISORY
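An added example, not part of the advisory and not the code of the filter it links to: a Python check, usable in a request filter or over access logs, that flags requests whose file name resolves to an ASP script only after trailing dots are dropped. It assumes Win32-style file-name resolution (trailing dots and spaces ignored), that `.asp` is the only script-mapped extension, and a constructed common-log-format sample; all function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions assumed to be mapped to a script engine (assumption, adjust per site).
SCRIPT_EXTS = {".asp"}

def bypasses_script_mapping(url: str) -> bool:
    """True when the requested name differs from the name the file system
    would open, and the file that gets opened is a script."""
    # Decode first so the check sees the same name the server will see.
    requested = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
    # Win32 file lookup ignores trailing dots and spaces in a file name.
    resolved = requested.rstrip(". ")
    if requested == resolved:
        return False  # nothing stripped: the extension mapping sees the real name
    dot = resolved.rfind(".")
    return dot != -1 and resolved[dot:].lower() in SCRIPT_EXTS

LOG_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def scan(lines):
    """Return (url, status) for every log line that requests a script this way."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and bypasses_script_mapping(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits

# Constructed sample lines in common log format, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/1997:11:02:13 -0600] "GET /default.asp HTTP/1.0" 200 2310',
    '192.0.2.44 - - [20/Feb/1997:11:05:40 -0600] "GET /default.asp. HTTP/1.0" 200 5127',
    '192.0.2.44 - - [20/Feb/1997:11:05:52 -0600] "GET /orders/login.ASP. HTTP/1.0" 200 1844',
    '192.0.2.10 - - [20/Feb/1997:11:06:01 -0600] "GET /docs/v1.2/readme.html HTTP/1.0" 200 900',
    '192.0.2.10 - - [20/Feb/1997:11:07:30 -0600] "GET /search.asp?q=etc. HTTP/1.0" 200 640',
]

if __name__ == "__main__":
    # A 200 status on a flagged request means source was likely served: rotate
    # any credentials embedded in that file.
    for url, status in scan(SAMPLE_LOG):
        print(f"{status} {url}")
```

A filter built on the same check would reject or canonicalize the request before the extension mapping is consulted; the log scan only tells you which scripts may already have been disclosed.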