Suggest A Fix PC Support Forums > MS Alert: MS IIs v.4 Lets Local Users Modify the L

Full Version: MS Alert: MS IIs v.4 Lets Local Users Modify the L

Suggest A Fix PC Support Forums > Security > Security News and Warnings

73-1010870792

Jan 16 2002, 07:30 PM

Win NT/2000/XP

It is reported that the default permissions of IIS 4 log files (running on Windows NT4 SP6a) allow user accounts in the 'Everyone' group to read, write, execute and delete the log files. In addition, the default permissions also give the 'Internet Guest' account full control over the log files.

It is reported that inetinfo opens the IIS log file with FILE_SHARE_READ and FILE_SHARE_WRITE share access parameters, allowing unprivileges applications to re-open the file and overwrite entries using an OpenFile Win32 API call.

A local user can modify the contents of the log file without detection. This could be used by an intruder to cover the signs of an intrusion.

No solution was available from Microsoft at this time.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.