Bugtraq mailing list archives

RecyclerSnooper(MS00-007)


From: n-miwa () LAC CO JP (Nobuo Miwa)
Date: Wed, 2 Feb 2000 08:23:47 +0900


Hi,

I made a small program.
This makes a lot of folders under Recycler folder.
I mean ANY users can make folders under Recycler folder.

Like this....

  When some user("user1")'s SID is
      S-1-5-21-823518204-813497703-1708537768-1004,
  my program will make
      S-1-5-21-823518204-813497703-1708537768-1001
      S-1-5-21-823518204-813497703-1708537768-1002
      S-1-5-21-823518204-813497703-1708537768-1003
      ...
      ...
      S-1-5-21-823518204-813497703-1708537768-1199
      S-1-5-21-823518204-813497703-1708537768-1200

  In this case its parameter is "RecyclerSnooper.exe 200 C".
  After that, when another user ("user2", SID=...1006) throws garbage
  away the FIRST time, user1 can read it.
  Yeah, user1 can read another user's garbage in case the other
  user didn't throw garbage away yet. It's a minor problem.

You can download and test from
http://www.lac.co.jp/security/test/files/RecyclerSnooper.exe
This could be available on WinNT and Win2K.

I reported this to MS on 31st Oct,'99...
I waited with Arne Vidstrom for a few months!

See Microsoft Security Bulletin (MS00-007).

<Nobuo Miwa> n-miwa () lac co jp      ( @ @ ) http://www.lac.co.jp/security/
------------------------------o00o--(. .)--o00o--------------------------
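
The following detection sketch is an added example, not part of the original post and not the author's tool. It flags per-SID Recycler folders owned by a different account and runs of consecutive RIDs owned by one account, the pattern the post describes. It assumes an inventory of (folder name, owner SID) pairs was collected separately and that a folder's owner is the account that created it; the function names and sample inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Per-user Recycle Bin folder name: <domain or machine SID>-<RID>
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")
ADMINISTRATORS = "S-1-5-32-544"  # BUILTIN\Administrators may own admins' folders

def longest_run(rids):
    """Longest run of consecutive RIDs, as a sorted list."""
    best, cur = [], []
    for rid in sorted(set(rids)):
        cur = cur + [rid] if cur and rid == cur[-1] + 1 else [rid]
        if len(cur) > len(best):
            best = cur
    return best

def audit_recycler(entries, min_run=5):
    """entries: (folder_name, owner_sid) pairs for the subfolders of RECYCLER.

    Returns (mismatches, bulk): folders owned by a SID other than the one in
    their name, and per owner the (first, last) RID of a pre-created run.
    """
    mismatches, owned = [], defaultdict(list)
    for name, owner in entries:
        m = SID_RE.match(name)
        if not m or owner == ADMINISTRATORS:
            continue  # not a per-user folder, or owned by the admins group
        owned[(owner, m.group(1))].append(int(m.group(2)))
        if owner != name:
            mismatches.append((name, owner))
    suspects = {owner for _, owner in mismatches}
    bulk = {}
    for (owner, _prefix), rids in owned.items():
        run = longest_run(rids)
        if owner in suspects and len(run) >= min_run:
            bulk[owner] = (run[0], run[-1])
    return mismatches, bulk

# Constructed inventory modelled on the post: the account with RID 1004 owns
# folders 1001-1200; two unrelated folders look normal.
PREFIX = "S-1-5-21-823518204-813497703-1708537768"
SAMPLE = [(f"{PREFIX}-{rid}", f"{PREFIX}-1004") for rid in range(1001, 1201)]
SAMPLE += [(f"{PREFIX}-1300", f"{PREFIX}-1300"), (f"{PREFIX}-500", ADMINISTRATORS)]

if __name__ == "__main__":
    mismatches, bulk = audit_recycler(SAMPLE)
    print(len(mismatches), "folders not owned by the SID in their name")
    for owner, (first, last) in bulk.items():
        print(f"{owner} owns consecutive RIDs {first}-{last}")
```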

