Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues

To: Daniel Hazelton <dhazelton@xxxxxxxxx>
Subject: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Tue, 13 Mar 2007 23:38:02 +0300
Cc: bugtraq@xxxxxxxxxxxxxxxxx, "Steven M. Christey" <coley@xxxxxxxxx>
In-reply-to: <200703131329.39954.dhazelton@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <200703122314.l2CNEaLU014080@xxxxxxxxxxxxxxx> <699038966.20070313190151@xxxxxxxxxxxxxxxx> <200703131329.39954.dhazelton@xxxxxxxxx>
Reply-to: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>

Dear Daniel Hazelton,

--Tuesday, March 13, 2007, 8:29:39 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:


DH> I haven't used Vista at all, but from reading the MS documentation about the
DH> new version of NTFS that it uses it appears that Unix style symlinks are
DH> supported. (From what I can tell they've been possible since the start, just
DH> not implemented)

DH> So for any WIndows system that shares the new NTFS code with Vista this is a
DH> valid vuln. Although I'm not positive about whether MS actually released
DH> tools along with Vista to use this feature, I'm more than certain that it
DH> does exist. (However, this may be a moot point. MS might still flag a
DH> cross-reference like a Unix-style symlink as a filesystem error)

Yes,  Vista  supports  Unix-style  symlinks  and  there  is "mklink". By
default,  only  member  of administrators group can create ones and this
policy  should  never  be  changed.  So,  again,  there  is  no  symlink
vulnerability in it's classic way in default configuration.

Only  if  you  change symlink policy, you get security hole. In terms of
Unix,  you'll  get  system with commonly used /tmp and without mkstemp()
ever used.



-- 
~/ZARAZA http://securityvulns.com/

References:
- Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  - From: Steven M. Christey
- Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  - From: 3APA3A
- Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  - From: Daniel Hazelton

Prev by Date: Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit
Next by Date: Re: [Full-disclosure] Woltab Burning Board SQL Injection usergroups.php
Previous by thread: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
Next by thread: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
Index(es):
- Date
- Thread