[10766] in bugtraq
Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw
daemon@ATHENA.MIT.EDU (Aj Mirani)
Wed Jun 9 14:56:36 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.3.32.19990608173811.00920b50@bconnex.net>
Date: Tue, 8 Jun 1999 17:38:11 -0300
Reply-To: Aj Mirani <ajm@ISLANDCORP.COM>
From: Aj Mirani <ajm@ISLANDCORP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <AA1266092DDDD11197A20000F84A81B801EB64C3@clvex04.clv.rpr.r p>
At 08:20 AM 04/06/99 -0400, you wrote:
So you create a file like this:
copy xxx.tmp \\Orbitor\Incoming\prn.xxx
Removing it is as easy as:
del \\Orbitor\Incoming\prn.xxx
This was tested on NT Workstation SP4.
>Now the flaw:
>Although you cannot create a local file whose name is PRN, you can,
>however, jump onto a networked server (suppose its name is
>\\whatever) and create (in any directory that you have creatable
>permissions) any file or directory named PRN.xxx (again, xxx stands
>for any extension). The server must be accessed by its \\ notation,
>you cannot do this if you map \\whatever\anydir to a drive (such as
>w:), then go to w:\ and try to create the file, in that case your
>machine's name parser blocks you.
--
Aj Mirani - ajm@islandcorp.com
Network Administrator
Island Corporation
#10-3000 Landgstaff Rd
Concord, ON L4K 4R7
Tel: (905)761-1655
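
Added example, not part of the original post: a check an administrator could run over a share listing to find names like the prn.xxx created above. It generalizes from PRN to the other reserved DOS device names (CON, AUX, NUL, COM1-9, LPT1-9); the function names and sample paths are constructed for illustration.

```python
import re

# Reserved DOS device names. The post only discusses PRN; the others are
# included here as a generalization.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}


def is_reserved_component(component):
    """True if a single file or directory name would be parsed as a device.

    Case and extension do not matter: prn.xxx is still PRN.
    """
    stem = component.split(".", 1)[0].rstrip(" ")
    return stem.upper() in RESERVED


def reserved_components(path):
    """Return the components of a UNC or drive path that use a reserved name."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    if path.startswith(("\\\\", "//")):
        parts = parts[2:]          # skip \\server\share, not file names
    elif parts and re.fullmatch(r"[A-Za-z]:", parts[0]):
        parts = parts[1:]          # skip the drive letter
    return [p for p in parts if is_reserved_component(p)]


def audit(paths):
    """Map each offending path to the components that triggered the match."""
    hits = {}
    for path in paths:
        found = reserved_components(path)
        if found:
            hits[path] = found
    return hits


# Constructed sample listing (server and share names taken from the post).
SAMPLE_PATHS = [
    r"\\Orbitor\Incoming\prn.xxx",
    r"\\Orbitor\Incoming\printer.txt",
    r"\\Orbitor\Incoming\PRN\readme.txt",
    r"w:\reports\june.doc",
]

if __name__ == "__main__":
    for path, names in audit(SAMPLE_PATHS).items():
        print(path, "->", ", ".join(names))
```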