vulnerability note 11689
Microsoft IIS: access bypass via INDEX_ALLOCATION
Synthesis of the vulnerability
An attacker can use the NTFS $INDEX_ALLOCATION attribute, in order to bypass access rules of directories protected by Microsoft IIS.Impacted products:
IIS, .NET Framework.
Description of the vulnerability
The NTFS filesystem supports File Streams which add information on a file or a directory. The $INDEX_ALLOCATION (0xA0) attribute contains the indexing tree of a directory. For example, "C:\directory::$INDEX_ALLOCATION" is the tree of "C:\directory".
Microsoft IIS can be configured to restrict the access to some directories, such as "http://server/admin/". However, if the attacker adds the $INDEX_ALLOCATION attribute to the directory, IIS allows the access.
An attacker can therefore use the NTFS $INDEX_ALLOCATION attribute, in order to bypass access rules of directories protected by Microsoft IIS.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerability management
. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.