Message-ID: <e92364c305070119267dacbf28@mail.gmail.com>
Date: Sat Jul 2 03:26:55 2005
From: jftucker at gmail.com (James Tucker)
Subject: Re: [VulnWatch] Microsoft Windows NTFS Information Disclosure

cacls *.chk /G administrator:F in shared environments where for some
reason your users have access to their drives.

On 6/30/05, Matthew Murphy <mattmurphy@...rr.com> wrote:
> Melvin Klassen wrote:
>
> >mattmurphy@...rr.com (Matthew Murphy) at Jun 30, 2005 12:01:59 PM wrote:
> >
> >>However, an apparent error in the NTFS driver's code causes the file
> >>system to incorrectly assign disk blocks to files before they have been
> >>initialized. Following a recovery from a system shutdown, uninitialized
> >>data may be visible in files from previously allocated disk blocks.
> >
> >As far as I know, _every_ major Operating System has the same vulnerability.
> >
> >I do _NOT_ know of any Operating System that "zero's" each newly-allocated
> >block/sector/track/cylinder of disk-space when allocating a "new" file,
> >whether on disk, or on magnetic tape, or on removable media.
> >
> > IBM AIX? No.
> > IBM z/VM? No.
> > IBM z/OS? No.
> > IBM OS/2? No.
> > HP/UX? No.
> > Linux? No.
> > MS DOS? No.
> > MS Windows? No.
>
> I wrote a more detailed reply to Melvin off-list. This response misses
> the point of the issue... which is not the fact that uninitialized data
> exists on disk (a known fact exploited by everything from "Delete undo"
> tools to forensic software), but that the NTFS accounting code treats
> said data as a valid portion of the file's content, thus making it
> readable to users without privileged access to the system.
>
> VulnWatch Mod Note: Moved to VulnDiscuss, as I feel this to be the more
> sensible forum of discussion. You may want to move the original
> response there as well, to avoid confusion.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
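The cacls one-liner above replaces the ACL of every *.chk file in the current directory with a single Full Control entry for administrator (cacls /G without /E discards the existing ACL). The script below is an added example, not part of the thread: it audits the chkdsk recovery files (*.chk, normally under FOUND.nnn at the root of an NTFS volume) on every fixed drive, reports any allow entry for a principal other than Administrators or SYSTEM, and with -Fix reapplies a restricted ACL through Set-Acl. The -Fix switch and the $allowed list are assumptions of this example, and it must run from an elevated session.

```powershell
# Added example: audit and optionally lock down chkdsk recovery files.
# -Fix is a parameter defined here, not a Windows or cacls flag.
param(
    [switch]$Fix
)

# Assumption: only these principals should be able to read recovered blocks.
$allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Z]:\\$' }
foreach ($drive in $drives) {
    $chkFiles = Get-ChildItem -Path $drive.Root -Filter '*.chk' -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($file in $chkFiles) {
        $acl = Get-Acl -Path $file.FullName
        # An allow ACE for anyone outside $allowed means ordinary users can read
        # whatever disk blocks chkdsk attached to the recovered file.
        $exposed = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $allowed -notcontains $_.IdentityReference.Value
        }
        if (-not $exposed) { continue }

        $who = ($exposed | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        Write-Output "EXPOSED $($file.FullName) : readable by $who"
        if (-not $Fix) { continue }

        # Stop inheriting the volume's ACEs and keep none of them ...
        $acl.SetAccessRuleProtection($true, $false)
        # ... drop every explicit ACE that is already on the file ...
        foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            [void]$acl.RemoveAccessRule($ace)
        }
        # ... and grant Full Control only to the allowed principals.
        foreach ($principal in $allowed) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $principal, 'FullControl', 'Allow'
            $acl.AddAccessRule($rule)
        }
        Set-Acl -Path $file.FullName -AclObject $acl
        Write-Output "FIXED   $($file.FullName)"
    }
}
```

Run it without -Fix first to see which recovery files are readable by non-administrators; cacls is the legacy tool, and icacls or Set-Acl as used here are the current equivalents.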