Data Mining Possible Using Subtree Search for AdsPath and SYS_RDN Only

ID: Q216401

The information in this article applies to:

Microsoft Site Server version 3.0

SYMPTOMS

When you perform a subtree search and only search for adsPath and SYS_RDN, the security check for inherited ACEs may be performed after returning the first match. The first row makes it by the security check, despite the lack of permissions.

RESOLUTION

To resolve this problem, apply the latest Site Server 3.0 service pack.

WORKAROUND

To work around this problem, set an absolute (physical) ACL on each and every object itself.

STATUS

Microsoft has confirmed this to be a problem in Site Server version 3.0. This problem has been corrected in the latest U.S. service pack for Site Server version 3.0. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Additional query words:


Keywords          : SS3SP2Fix 
Version           : winnt:3.0
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: March 26, 1999