Re: Web Server Folder Traversal

["Johan.Augustsson" <Johan.Augustsson () ADM GU SE>]

At 14:52 2001-02-27 -0500, Portnoy, Gary wrote:

<snipp>


> Yep, that's indeed the case, then why am I seeing the above in the logs, and
> why am I still vulnerable, even though the patch is applied?  Could this be
> perhaps related to the order the patches were applied, or is there some
> other dependency?  This is NT4 SP5, with almost all the released security
> patches, or so I thought....

From the page
http://www.microsoft.com/technet/security/bulletin/MS00-086.asp where you
can read about the "bug".

"Note: The IIS 4.0 patch can be applied atop systems running Windows NT 4.0
Service Pack 6a. It will be included in Windows NT 4.0 Service Pack 7."

You need to install SP6a before you install the IIS-patch.


Johan Augustsson
Incident Response Team
University of Gothenburg



> Gary Portnoy
> Network Administrator
> gportnoy () belenosinc com
>
> PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C