lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <200703122314.l2CNEaLU014080@faron.mitre.org>
Date: Mon, 12 Mar 2007 19:14:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues


3APA3A said:

>I. There is no symlinks under Windows. Symlink attacks are not
>possible.

I'm not a Windows expert, but...  There have been some past
vulnerabilities where an attacker could upload a shortcut (.lnk) file
and access files outside of the intended directory.  In cases of FTP
servers or mail clients, this makes symlink style attacks remotely
feasible.  Some previously reported examples are
CVE-2004-2672/CVE-2005-0519/CVE-2005-0520 (argosoft), CVE-2005-2184
(eRoom), CVE-2005-0587 (Firefox), and CVE-2001-1386 (WFTPD).

So, issues *like* symlink vulnerabilities can happen on Windows - but
whether they're under-reported is unknown.  Hard links, too
(CVE-2002-0725 for NT and CVE-2003-0844 for mod_gzip).  Maybe there's
something about Windows API functions that make it more rare than in
the Unix world?

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ