Re: Microsoft Windows Vista/2003/XP/2000 file management security issues

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Mon, 12 Mar 2007 19:14:36 -0400 (EDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

3APA3A said:

>I. There is no symlinks under Windows. Symlink attacks are not
>possible.

I'm not a Windows expert, but...  There have been some past
vulnerabilities where an attacker could upload a shortcut (.lnk) file
and access files outside of the intended directory.  In cases of FTP
servers or mail clients, this makes symlink style attacks remotely
feasible.  Some previously reported examples are
CVE-2004-2672/CVE-2005-0519/CVE-2005-0520 (argosoft), CVE-2005-2184
(eRoom), CVE-2005-0587 (Firefox), and CVE-2001-1386 (WFTPD).

So, issues *like* symlink vulnerabilities can happen on Windows - but
whether they're under-reported is unknown.  Hard links, too
(CVE-2002-0725 for NT and CVE-2003-0844 for mod_gzip).  Maybe there's
something about Windows API functions that make it more rare than in
the Unix world?

- Steve

Follow-Ups:
- Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  - From: Richard Huxton
- Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  - From: 3APA3A

Prev by Date: Re: RIM BlackBerry Pearl 8100 Browser DoS
Next by Date: Re: Firekeeper - IDS for Firefox available
Previous by thread: Re: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
Next by thread: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
Index(es):
- Date
- Thread