[10780] in bugtraq


Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw

daemon@ATHENA.MIT.EDU (Neil Franklin)
Thu Jun 10 14:44:11 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <375F6085.49996035@arch.ethz.ch>
Date: 	Thu, 10 Jun 1999 08:51:49 +0200
Reply-To: franklin@ARCH.ETHZ.CH
From: Neil Franklin <franklin@ARCH.ETHZ.CH>
To: BUGTRAQ@NETSPACE.ORG

Jefferson Ogata wrote:
>
> The only way I've found to get rid of these files is by using the same NFS
> client code that was used to create them (whew!).

I would actually call this an nfsd bug, that it accepts such paths.
Servers should not trust clients.


> This could be used to create a pretty nasty DoS
> I wonder what would happen if I created a file called "/etc/passwd" in
> the current directory... probably nothing. But who knows?

Another DoS possibility: your backup software may crap on backing up
such a file, or even worse backup flawlessly and then crap on restoring
from a tape with such a file.

Old story: A friend of mine, years ago (so I cannot remember the
details), had a Sun with an AppleTalk daemon, which somehow managed to
bypass the "/" checks in the kernel. Macs allow "/" in filenames, so
such a file got created. Whatever backup software he used crapped on
reading back the tape with these filenames in them.

As you have had such a file on your system, I would recommend a test
restore of the directory involved.


--
Neil Franklin, Sysadmin, Architecture & CAAD, ETH Zuerich
franklin@arch.ethz.ch.remove http://caad.arch.ethz.ch/~franklin/
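
Added example, not part of the original message and not code from any real nfsd: a sketch of the server-side check that "servers should not trust clients" implies for a single file name component. The function name, status codes and the 255-byte limit are assumptions; the name is treated as a counted byte string, as it would arrive from a client, so an embedded "/" or NUL is visible to the check.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed limit: 255 bytes, the usual NAME_MAX on Unix filesystems. */
#define COMPONENT_MAX 255

enum name_status {
    NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG,
    NAME_HAS_SLASH, NAME_HAS_NUL, NAME_DOT_OR_DOTDOT
};

/*
 * Hypothetical check for ONE name component taken from a client request
 * (create, mkdir, rename target). buf/len is a counted string, not a C
 * string, so strlen() must not be used: it would stop at an embedded NUL
 * and hide whatever follows it.
 */
enum name_status check_component(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return NAME_EMPTY;
    if (len > COMPONENT_MAX)
        return NAME_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '/')          /* a component never contains a separator */
            return NAME_HAS_SLASH;
        if (buf[i] == '\0')         /* would truncate the name in C string APIs */
            return NAME_HAS_NUL;
    }
    /* "." and ".." are directory references, never names to create */
    if ((len == 1 && buf[0] == '.') ||
        (len == 2 && buf[0] == '.' && buf[1] == '.'))
        return NAME_DOT_OR_DOTDOT;
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names; the first is the one quoted in the thread. */
    static const struct { const char *s; size_t n; } samples[] = {
        { "/etc/passwd", 11 }, { "passwd", 6 }, { "a\0b", 3 }, { "..", 2 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> status %d\n", i,
               check_component((const unsigned char *)samples[i].s, samples[i].n));
    return 0;
}
```

A server would reject the request for any status other than NAME_OK before the name reaches the filesystem layer.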
