Penetration Testing mailing list archives

Win2k Permissions bug

From: Parth Galen <Parth_Galen () ziplip com>
Date: 8 Jun 2001 23:06:17 -0000

FYI - I am relaying the following note for a friend. I will get all replies to him ASAP. Thx.
----------------------------------

I been working on this issue through a Microsoft Premier Support ticket for about 60 days. At this time we have not
received a resolution nor does one seem forthcoming. I am very disappointed at the response, or lack of response from
Microsoft Support on what I believe is a serious issue. I feel that you and others should be aware of our findings.

There is apparently a bug in Windows 2000 Server regarding NTFS permissions. The symptom is that at the individual
file level the Allow Inheritable Permissions switch and NTFS file permissions can change unexpectedly and without
notification. These changes to file security easily go unknown to both network administrators and end users.
Microsoft has acknowledged a similar problem referenced in KB article Q266731. Microsoft has created a hot fix for
this issue, however in testing the hot fix has not corrected the problem that we have identified.

Example: In the case where a particular file_s NTFS permissions are set different from those of its parent folder and
the inheritance box on the file has been unchecked, the inherit permissions box on the file can turn itself on and the
NTFS file permissions will then change to the permissions defined on the parent folder when the file is modified and
saved.

Configuration where the problem has been observed:
. Windows 2000 Server SP1
. NT 4.0 SP6a Workstation
. Various applications programs such as: Word 97, Excel 97, Visio 5.0

The problem seems to manifest itself when using applications that create temp files. As many current software packages
do create temp files the network security implications are obvious. While security problems are always serious, this
one carries the additional danger of network security being altered against the intention of the administrator, while
the administrator is unaware that security changes have taken place.

Any insight will be appreciated!
---------------------------------------

Current thread:

Win2k Permissions bug Parth Galen (Jun 09)
- Re: Win2k Permissions bug Frank Heyne (Jun 09)
- <Possible follow-ups>
- Re: Win2k Permissions bug Parth Galen (Jun 11)