Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: mspws4~1.htm

PWS long filename vulnerability(?)



COMMAND

    PWS

SYSTEMS AFFECTED

    PWS

PROBLEM

    Felipe Moniz found  following.  He  tested this in  the PWS (based
    on  IIS   4)  and   it  worked.    He   created  a   file   called
    "clientlist2001.txt"         and         with         client~1.txt
    (www.site.com/client~1.txt).   You   get  the   clientlist2001.txt
    without know the  complete name of  the file.   The problem occurs
    also when You type "postin~1.htm" for access "postinfo.html" file.

    PWS is vulnerable,  IIS 4.0 and  Sambar Server apparently  no, but
    certainly  other  win32  web  servers  are  vulnerable.   All long
    filenames,  directories  and  files   with  long  extensions   are
    vulnerable.

SOLUTION

    This is a  known problem.   There is a  switch that can  be thrown
    that does not generate the MSDOS names on NTFS partitions:

        Hive: HKEY_LOCAL_MACHINE\SYSTEM
        Key:  \CurrentControlSet\Control\FileSystem
        Name: NtfsDisable8dot3NameCreation
        Type: REG_DWORD
        Value: 1 (turns off 8.3 name generation, only 16 bit need).


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH