Nifty Security hole on Several NT Based Web Servers

---------- Forwarded message ----------
Date: Thu, 8 Jan 1998 19:04:23 -0700
From: Greg Skafte <skafte_at_WORLDGATE.COM>
To: NTBUGTRAQ_at_LISTSERV.NTBUGTRAQ.COM
Subject: Nifty Security hole on Several NT Based Web Servers

A collegue of mine discovered a very interesting bug in several Web
server packages. if you protect a file that is not 8.3 in its makeup
you can often access the canonical name without restriction. EG:

if a file named "somelongfile.htm" and you protect it then you can
access somef~1.htm if somel~1.htm is the canonical name. (don't recall
the corect NT term). This also applies to directory names as well.

We have notified some of the affected vendors but haven't tested all
the various NT Web servers.

Know to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website
Pro don't recall the version.

--
Email: skafte_at_worldgate.com       Voice: +403 413 1910    Fax: +403 421 4929
   #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1
--                                                                        --
When things can't get any worse, they simplify themselves by getting a whole
lot worse then complicated. A complete and utter disaster is the simplest
thing in the world; it's preventing one that's complex.       (Janet Morris)