lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <73069.1157944743@ideon.st.ryukoku.ac.jp>
Date: Mon, 11 Sep 2006 12:19:03 +0900
From: kjm@...s.ryukoku.ac.jp (KOJIMA Hajime)
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: FYI: MS06-049 patch (920958) corrupts NTFS
	compression files

  just FYI...

  MS06-049 patch (920958) corrupts NTFS compression files. 

Affected sytem
--------------

  Windows 2000 SP4 + MS06-049 patch (920958)

Discussion
----------

* Discussion in english:
  http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?&query=920958&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.win2000.file_system&p=1&tid=d826afe9-2ab1-4b2f-ae11-cc27702f574a
* Discussion in japanese:
  http://slashdot.jp/~oops/journal/
  http://pc8.2ch.net/test/read.cgi/win/1151414872/47-
  http://slashdot.jp/security/article.pl?sid=06/09/10/068243

How to demonstrate
------------------

  1. Creat folder on NTFS partition.
  2. Enable NTFS compression to that folder.
  3. Insert Windows 2000 Installation disk to your CD-ROM drive.
  4. Copy all files from Windows 2000 Installation disk to that
     folder.
  5. Compare.

How to prevent
--------------

  Uninstall MS06-049 patch (920958).

How to find corrupted files
---------------------------

  Try findcorr tool (by 147-win/1151414872):
  http://211.2.20.24/pub/findcorr.lzh

  C:\> findcorr.exe
  Usage: findcorr [-a] [-d] [-e] path

  Options:
           -a      Scan all files including uncompressed files.
           -d      Report compression directories.
           -e      Exact mode.

How to fix corrupted files
--------------------------

  Restore them from backups.

Patch and NTFS compression
--------------------------

  If you install patch, patch installer create backup folder for
  uninstall, such as C:\WINNT\$NtUninstallKB920958$, and copy old
  files to it.

  This folder is NTFS compression enabled automatically.  You
  cannot turn off this feature.

Official information from Microsoft
-----------------------------------

  Not yet, but they are working to fix problem.

- kjm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ