Full Disclosure mailing list archives

Re: Microsoft Cries Wolf ( again )


From: "Geoincidents" <geoincidents () getinfo org>
Date: Wed, 2 Jul 2003 19:23:02 -0400

About a year ago, I tripped over this issue. (I have since found out it
is a known bug - see http://www.sitepoint.com/print/1029). In an effort
to help MS, I spent hours of company time registering to various bug
reporting services on MS sites - and never found one that would accept
my bug report because IE is not a paid product. Not that I wanted any
support - I only wanted to help them out.

How many semi serious issues exist where people just never bother to
disclose them to the public and where the vendor decides to ignore the
notification?

Any NTFS volume, doesn't matter if it's NT4, W2K, or XP, is susceptible to
being wasted by a virus that does nothing but create files. How, you ask?
Simple: create a bunch of 500 byte files until you fill the partition, now
delete them, ok, now try to use the partition to store normal sized files;
you can't use but 20% of it because 80% of it is now MFT.

NTFS has a problem in that it never shrinks the MFT. When you create small
files, NTFS stores the whole file in the MFT instead of storing a data
segment; by filling the disk with tiny files you expand the MFT, and the only
way to reduce it once it's expanded is to reformat the partition.

Do you think a virus that had this simple capability could do some damage?
Imagine a desktop getting the virus and having it create the files on a
server share.

I told MS about this back on Oct 10 2002 and even sent them exploit code,
never even got a response, not even a "sorry we don't consider it a threat"
note. I've talked to others and their only possible point was if you can
create and delete files then you could just delete the disk, my counter
point was any user who has access to store files on a server could exploit
this but those same users could not delete the server partition or damage
the server disk in any other way except for their files.

There is a way to protect servers from this, use quotas. But what I wonder
is how many other issues like this never see the light of day because the
vendor ignores it and nobody takes it public?

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
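
A defender-side check for the condition described in the message above, as an added example that is not part of the original post: it parses `fsutil fsinfo ntfsinfo` output and reports how much of the volume the MFT occupies. The sample output is constructed, its layout is assumed from Windows XP/2003-era fsutil, and the function names and the 12.5% warning threshold are choices made for this example.

```python
import re

# Constructed sample, laid out like `fsutil fsinfo ntfsinfo <drive>` output on
# Windows XP/2003-era systems (assumed format; later Windows builds differ).
SAMPLE = """\
NTFS Volume Serial Number :       0x1234567890abcdef
Version :                         3.1
Number Sectors :                  0x0000000001400000
Total Clusters :                  0x0000000000280000
Free Clusters  :                  0x00000000001f0000
Bytes Per Sector  :               512
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Mft Valid Data Length :           0x0000000080000000
"""

def parse_ntfsinfo(text):
    """Return {lower-cased field name: int, or str if not numeric}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = re.sub(r"\s+", " ", key).strip().lower()
        value = value.strip()
        try:
            fields[key] = int(value, 0)   # accepts both 0x... and decimal
        except ValueError:
            fields[key] = value           # e.g. the "3.1" version string
    return fields

def mft_report(fields, warn_fraction=0.125):
    """Size the MFT against the volume; warn_fraction is an arbitrary example value."""
    cluster = fields["bytes per cluster"]
    volume = fields["total clusters"] * cluster
    used = volume - fields["free clusters"] * cluster
    mft = fields["mft valid data length"]
    return {
        "volume_bytes": volume,
        "mft_bytes": mft,
        # File records allocated so far; per the post this count never goes down.
        "mft_records": mft // fields["bytes per filerecord segment"],
        "mft_share_of_volume": mft / volume,
        # Near 1.0 means the space in use is mostly MFT rather than file data.
        "mft_share_of_used": mft / used if used else 0.0,
        "warn": mft / volume >= warn_fraction,
    }

if __name__ == "__main__":
    for name, value in mft_report(parse_ntfsinfo(SAMPLE)).items():
        print(f"{name}: {value}")
```

On a live system, pass in the text captured from `fsutil fsinfo ntfsinfo` for the volume in question, run from an administrator prompt.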

