Rapid7 Vulnerability & Exploit Database

Nginx: Vulnerabilities with Windows 8.3 filename pseudonyms (CORE-2010-0121)

When a file is created on a Windows system, a DOS-compatible 8.3 short file name (hereafter the '8.3 alias') is generated for backward compatibility. Both names can be used to refer to the same file. Applications that allow users to specify file names on Windows systems should be aware of these aliases and handle them appropriately. By using the 8.3 alias of a file, one can often bypass IDS/IPS detection and evade filters and file restrictions. This can happen because only the long versions of file and folder names are restricted, and the alias does not match the long file name. Referencing a file by its 8.3 alias can even change how the file is handled, because a file extension longer than three characters is truncated. The problem is exacerbated for intermediary systems used for things like load balancing and caching: they do not have access to the actual file system being accessed, so they need to convert any restricted file names and path names to their 8.3 aliases before comparing them with user data. Given the presence of other files or folders with similar names on the system, that conversion may not be possible.
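A defensive sketch of the filtering problem described above, as an added example that is not part of the original advisory: a filter that matches only long names misses alias-shaped path components, so the hardened check rejects them outright instead of trying to resolve them. The restricted names, sample paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed policy for this example: long names a front-end filter must block.
RESTRICTED = {"administration", "backup-config.inc"}

ALIAS_BASE = re.compile(r"[^~]+~\d+")  # shape of an alias base, e.g. ADMINI~1


def components(raw_path):
    """Percent-decode once and split on both separators Windows accepts."""
    return [c for c in re.split(r"[/\\]", unquote(raw_path)) if c]


def looks_like_alias(component):
    """True if the component has the shape of an 8.3 alias (BASE~N.EXT):
    base of at most 8 characters ending in ~<digits>, extension of at most 3."""
    base, _, ext = component.partition(".")
    return (ALIAS_BASE.fullmatch(base) is not None
            and len(base) <= 8 and len(ext) <= 3 and "." not in ext)


def naive_filter(raw_path):
    """Weak check: blocks only the long names, the case the advisory describes."""
    return any(c.lower() in RESTRICTED for c in components(raw_path))


def hardened_filter(raw_path):
    """Block restricted long names and any alias-shaped component, because a
    proxy or IDS cannot resolve an alias without access to the file system."""
    return any(c.lower() in RESTRICTED or looks_like_alias(c)
               for c in components(raw_path))


# Constructed request paths (not taken from the advisory).
SAMPLES = [
    "/administration/users.html",  # long name: both filters block it
    "/ADMINI~1/users.html",        # alias of the directory: naive filter misses it
    "/admini%7E1/USERS~1.HTM",     # encoded tilde, extension truncated to 3 chars
    "/docs/~user/index.html",      # tilde without the alias shape: allowed
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:30} naive={naive_filter(p)!s:5} hardened={hardened_filter(p)}")
```

Rejecting every `BASE~N` component can also block legitimate names that contain a tilde followed by digits, so the shape check is a policy choice for front ends that cannot consult the real file system.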


  • nginx-nginx-upgrade-0_7_65
  • nginx-nginx-upgrade-0_8_33
