mailing list archives
.printer vulnerability needs execute perms?
From: mark <mark () FIRSTWORLD NET>
Date: Thu, 3 May 2001 11:04:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
I tested an IIS5 server for this vulnerability and was not able to
exploit without script or execute permissions. I have a couple
questions with regard to this.
1. Is there any current way of exploiting this vulnerability when
there is no scripting or execution allowed?
2. Does a default IIS5 install allow scripting or execution? The
reason I ask this is because I see this vulnerability as a default
install problem mainly, and good admins removed that ISAPI scriptmap
I am analyzing whether an IIS5 server without hotfixes/patches that
was installed with best practices in mind is still secure, it seems
to me that every exploit so far has been stopped dead in its tracks
by the following of simple 'best practices' from Microsoft. Between
separate disk partitions and removal of unneeded ISAPI extensions, a
lot of security is added. Please email me if you have any input or
thoughts on this.
Thank you for your time,
mark () firstworld net
Hektik.org Security Team
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
- .printer vulnerability needs execute perms? mark (May 04)