lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002e01c340f0$fb363bb0$231a90d8@NTAUTHORITY>
From: geoincidents at getinfo.org (Geoincidents)
Subject: Microsoft Cries Wolf ( again )

> About a year ago, I tripped over this issue. (I have since found out it
> is a known bug - see http://www.sitepoint.com/print/1029). In an effort
> to help MS, I spent hours of company time registering to various bug
> reporting services on MS sites - and never found one that would accept
> my bug report because IE is not a paid product. Not that I wanted any
> support - I only wanted to help them out.

How many semi serious issues exist where people just never bother to
disclose them to the public and where the vendor decides to ignore the
notification?

Any NTFS volume, doesn't matter if it's NT4, W2K, or XP is susceptable to
being wasted by a virus that does nothing but create files. How you ask?
Simple create a bunch of 500 byte files until you fill the partition, now
delete them, ok now try to use the partition to store normal sized files,
you can't use but 20% of it because 80% of it is now MFT.

NTFS has a problem in that it never shrinks the MFT, when you create small
files NTFS stores the whole file in the MFT instead of storing a data
segment, by filling the disk with tiny files you expand the MFT and the only
way to reduce it once it's expanded is to reformat the partition.

Do you think a virus that had this simple capability could do some damage?
Imagine a desktop getting the virus and having it create the files on a
server share.

I told MS about this back on 0ct 10 2002 and even sent them exploit code,
never even got a response, not even a "sorry we don't consider it a threat"
note. I've talked to others and their only possible point was if you can
create and delete files then you could just delete the disk, my counter
point was any user who has access to store files on a server could exploit
this but those same users could not delete the server partition or damage
the server disk in any other way except for their files.

There is a way to protect servers from this, use quotas. But what I wonder
is how many other issues like this never see the light of day because the
vendor ignores it and nobody takes it public?

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ