Full Disclosure mailing list archives
Re: Microsoft Cries Wolf ( again )
From: "Geoincidents" <geoincidents () getinfo org>
Date: Wed, 2 Jul 2003 19:23:02 -0400
About a year ago, I tripped over this issue. (I have since found out it is a known bug - see http://www.sitepoint.com/print/1029). In an effort to help MS, I spent hours of company time registering to various bug reporting services on MS sites - and never found one that would accept my bug report because IE is not a paid product. Not that I wanted any support - I only wanted to help them out.
How many semi serious issues exist where people just never bother to disclose them to the public and where the vendor decides to ignore the notification? Any NTFS volume, doesn't matter if it's NT4, W2K, or XP is susceptable to being wasted by a virus that does nothing but create files. How you ask? Simple create a bunch of 500 byte files until you fill the partition, now delete them, ok now try to use the partition to store normal sized files, you can't use but 20% of it because 80% of it is now MFT. NTFS has a problem in that it never shrinks the MFT, when you create small files NTFS stores the whole file in the MFT instead of storing a data segment, by filling the disk with tiny files you expand the MFT and the only way to reduce it once it's expanded is to reformat the partition. Do you think a virus that had this simple capability could do some damage? Imagine a desktop getting the virus and having it create the files on a server share. I told MS about this back on 0ct 10 2002 and even sent them exploit code, never even got a response, not even a "sorry we don't consider it a threat" note. I've talked to others and their only possible point was if you can create and delete files then you could just delete the disk, my counter point was any user who has access to store files on a server could exploit this but those same users could not delete the server partition or damage the server disk in any other way except for their files. There is a way to protect servers from this, use quotas. But what I wonder is how many other issues like this never see the light of day because the vendor ignores it and nobody takes it public? Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Microsoft Cries Wolf ( again ), (continued)
- Re: Microsoft Cries Wolf ( again ) KF (Jul 01)
- Re: Microsoft Cries Wolf ( again ) dhtml (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Kristian Hermansen (Jul 01)
- Re: Microsoft Cries Wolf ( again ) KF (Jul 01)
- RE: Microsoft Cries Wolf ( again ) Schmehl, Paul L (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Shawn McMahon (Jul 02)
- Re: Microsoft Cries Wolf ( again ) Kristian Hermansen (Jul 06)
- Re: Microsoft Cries Wolf ( again ) gandalf94305 (Jul 06)
- Re: Microsoft Cries Wolf ( again ) mattmurphy () kc rr com (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Karl DeBisschop (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Geoincidents (Jul 02)
- Re: Microsoft Cries Wolf ( again ) Justin Shin (Jul 02)
- Vote with your dollars (Was: Re: Microsoft Cries Wolf ( again )) Peter Busser (Jul 02)
- Re: Microsoft Cries Wolf ( again ) andrewg (Jul 02)
- Re: Microsoft Cries Wolf ( again ) Karl DeBisschop (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Karl DeBisschop (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Ron DuFresne (Jul 03)
- Re: Microsoft Cries Wolf ( again ) Peter Busser (Jul 04)
- Re: Microsoft Cries Wolf ( again ) morning_wood (Jul 04)
- Re: Microsoft Cries Wolf ( again ) Nick FitzGerald (Jul 04)
- Re: Microsoft Cries Wolf ( again ) Ron DuFresne (Jul 12)
- RE: Microsoft Cries Wolf ( again ) Scott (Jul 13)