Bugtraq mailing list archives
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 12 Mar 2007 19:14:36 -0400 (EDT)
3APA3A said:

> I. There is no symlinks under Windows. Symlink attacks are not possible.

I'm not a Windows expert, but...

There have been some past vulnerabilities where an attacker could upload a shortcut (.lnk) file and access files outside of the intended directory. In cases of FTP servers or mail clients, this makes symlink-style attacks remotely feasible.

Some previously reported examples are CVE-2004-2672/CVE-2005-0519/CVE-2005-0520 (argosoft), CVE-2005-2184 (eRoom), CVE-2005-0587 (Firefox), and CVE-2001-1386 (WFTPD).

So, issues *like* symlink vulnerabilities can happen on Windows - but whether they're under-reported is unknown. Hard links, too (CVE-2002-0725 for NT and CVE-2003-0844 for mod_gzip).

Maybe there's something about Windows API functions that makes it more rare than in the Unix world?

- Steve
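An added example, not part of the original post: a check a file-serving application could run before opening an entry under its served directory, covering the link-like cases the message lists (shortcut files, symlinks or reparse points, hard links). The names `link_risks` and `demo` and the directory layout are assumptions made for illustration; `demo` builds its sample tree with `os.symlink`, which on Windows needs the symlink privilege.

```python
import os
import stat
import tempfile

# Windows reparse-point attribute bit (junctions and symlinks); 0x400 as fallback.
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)

def link_risks(root, rel_path):
    """Reasons why serving root/rel_path could reach a file outside root."""
    root_real = os.path.realpath(root)
    full = os.path.join(root_real, rel_path)
    reasons = []
    # Symlinks, junctions and ../ all show up as a resolved path outside root.
    try:
        inside = os.path.commonpath([root_real, os.path.realpath(full)]) == root_real
    except ValueError:          # e.g. different drive letters on Windows
        inside = False
    if not inside:
        reasons.append("resolves outside root")
    if not os.path.lexists(full):
        return reasons
    st = os.lstat(full)         # lstat: inspect the entry itself, not its target
    if stat.S_ISLNK(st.st_mode) or getattr(st, "st_file_attributes", 0) & REPARSE:
        reasons.append("symlink or reparse point")
    # A hard link resolves to itself, so the path check above cannot see it.
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        reasons.append("hard link (second name for the same file)")
    if rel_path.lower().endswith(".lnk"):
        reasons.append("shortcut file (.lnk)")
    return reasons

def demo():
    """Build a constructed upload directory and classify each entry."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "uploads")
        os.mkdir(root)
        secret = os.path.join(base, "secret.txt")   # lives outside the served root
        for path in (secret, os.path.join(root, "report.txt"),
                     os.path.join(root, "docs.lnk")):
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.symlink(secret, os.path.join(root, "sym"))
        os.link(secret, os.path.join(root, "hard"))
        names = ["report.txt", "docs.lnk", "sym", "hard", "../secret.txt"]
        return {n: link_risks(root, n) for n in names}

if __name__ == "__main__":
    for name, reasons in demo().items():
        verdict = "REJECT: " + "; ".join(reasons) if reasons else "ok"
        print(f"{name:15} {verdict}")
```

The hard-link entry passes the resolved-path test and is caught only by the link count, which is why the two checks are kept separate.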