lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <536279598.20070313233802@SECURITY.NNOV.RU>
Date: Tue, 13 Mar 2007 23:38:02 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: Daniel Hazelton <dhazelton@...er.net>
Cc: bugtraq@...urityfocus.com, "Steven M. Christey" <coley@...re.org>
Subject: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues

Dear Daniel Hazelton,

--Tuesday, March 13, 2007, 8:29:39 PM, you wrote to bugtraq@...urityfocus.com:


DH> I haven't used Vista at all, but from reading the MS documentation about the
DH> new version of NTFS that it uses it appears that Unix style symlinks are
DH> supported. (From what I can tell they've been possible since the start, just
DH> not implemented)

DH> So for any WIndows system that shares the new NTFS code with Vista this is a
DH> valid vuln. Although I'm not positive about whether MS actually released
DH> tools along with Vista to use this feature, I'm more than certain that it
DH> does exist. (However, this may be a moot point. MS might still flag a
DH> cross-reference like a Unix-style symlink as a filesystem error)

Yes,  Vista  supports  Unix-style  symlinks  and  there  is "mklink". By
default,  only  member  of administrators group can create ones and this
policy  should  never  be  changed.  So,  again,  there  is  no  symlink
vulnerability in it's classic way in default configuration.

Only  if  you  change symlink policy, you get security hole. In terms of
Unix,  you'll  get  system with commonly used /tmp and without mkstemp()
ever used.



-- 
~/ZARAZA http://securityvulns.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ