we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability note 11689

Microsoft IIS: access bypass via INDEX_ALLOCATION

Synthesis of the vulnerability

An attacker can use the NTFS $INDEX_ALLOCATION attribute, in order to bypass access rules of directories protected by Microsoft IIS.
Impacted products: IIS, .NET Framework.
Severity: 2/4.
Creation date: 11/06/2012.
Identifiers: BID-53906, VIGILANCE-VUL-11689.

Description of the vulnerability

The NTFS filesystem supports File Streams which add information on a file or a directory. The $INDEX_ALLOCATION (0xA0) attribute contains the indexing tree of a directory. For example, "C:\directory::$INDEX_ALLOCATION" is the tree of "C:\directory".

Microsoft IIS can be configured to restrict the access to some directories, such as "http://server/admin/". However, if the attacker adds the $INDEX_ALLOCATION attribute to the directory, IIS allows the access.

An attacker can therefore use the NTFS $INDEX_ALLOCATION attribute, in order to bypass access rules of directories protected by Microsoft IIS.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability management. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.