[10781] in bugtraq
Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw
daemon@ATHENA.MIT.EDU (STEVENS, Eric)
Thu Jun 10 14:44:15 1999
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <AA1266092DDDD11197A20000F84A81B801EB64F7@clvex04.clv.rpr.rp>
Date: Wed, 9 Jun 1999 15:25:23 -0400
Reply-To: "STEVENS, Eric" <Eric.Stevens@RP-RORER.COM>
From: "STEVENS, Eric" <Eric.Stevens@RP-RORER.COM>
X-To: Aj Mirani <ajm@islandcorp.com>
To: BUGTRAQ@NETSPACE.ORG

Well observed, but as I stated in my original email, prn.xxx can be deleted
in this fashion while prn without an extension is quite stubborn about its
place in the directory structure. It would seem that a different line of
code in the name parser declares prn to be bad than the one that declares
prn.xxx to be bad. The line to catch prn in a network path exists in the
del parser, but no other parser, while the line to catch prn.xxx does not
exist in any parser.

I've received several emails suggesting using the same method of deleting
the file as I used to create it, and each of them has actually used a
prn.xxx file instead of a prn file. Please take note that they are
distinctly different, prn.xxx has successfully been removed using the same
method as creation while prn does not delete!

> -----Original Message-----
> From: Aj Mirani [SMTP:ajm@islandcorp.com]
> Sent: Tuesday, June 08, 1999 4:38 PM
> To: BUGTRAQ@netspace.org
> Subject: Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw
>
> At 08:20 AM 04/06/99 -0400, you wrote:
> So you create a file like this:
> copy xxx.tmp \\Orbitor\Incoming\prn.xxx
>
> removing it is as easy as:
> del \\Orbitor\Incoming\prn.xxx
>
> This was tested on NT Workstation SP4
>
> >Now the flaw:
> >Although you cannot create a local file whose name is PRN, you can,
> >however, jump onto a networked server (suppose its name is
> >\\whatever) and create (in any directory that you have creatable
> >permissions) any file or directory named PRN.xxx (again, xxx stands
> >for any extension). The server must be accessed by its \\ notation,
> >you cannot do this if you map \\whatever\anydir to a drive (such as
> >w:), then go to w:\ and try to create the file, in that case your
> >machine's name parser blocks you.
>
>
> --
>
> Aj Mirani - ajm@islandcorp.com
> Network Administrator
> Island Corporation
> #10-3000 Landgstaff Rd
> Concord, ON L4K 4R7
> Tel: (905)761-1655
_____ ,----+ _________________________________ + _____
____ / __________ eric stevens ___________ \ ____
___ /--+ _____ eric.stevens@rp-rorer.com _____ \ ___
__ / ____ rpr graphics web design team _____ \ __
_ `----+ x-eric-conspiracy: there is no conspiracy + _
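
An added example, not part of the original post: a share audit that flags path components using a reserved device name and separates the bare form (prn) from the form with an extension (prn.xxx), the distinction this message draws. The function names and the sample listing are constructed, and covering the other DOS device names besides PRN is a generalization beyond the thread.

```python
import ntpath

# Win32 reserved DOS device names. The thread discusses only PRN; the
# rest of the set is included as a generalization (assumption of this example).
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def classify(component):
    """Return 'bare', 'with-extension' or None for one path component."""
    # Trailing dots and spaces are ignored when Win32 matches a device name.
    stripped = component.rstrip(" .")
    base, dot, _ext = stripped.partition(".")
    if base.rstrip(" ").upper() not in RESERVED:
        return None
    return "with-extension" if dot else "bare"


def audit(paths):
    """Return (path, component, kind) for every reserved-name component."""
    findings = []
    for path in paths:
        # splitdrive() strips "w:" or "\\server\share", so a server or share
        # that happens to be called PRN is not reported.
        _drive, rest = ntpath.splitdrive(path)
        for component in rest.replace("/", "\\").split("\\"):
            kind = classify(component)
            if kind:
                findings.append((path, component, kind))
    return findings


# Constructed listing of a share, modelled on the paths in the thread.
SAMPLE = [
    r"\\Orbitor\Incoming\prn.xxx",
    r"\\Orbitor\Incoming\prn",
    r"\\Orbitor\Incoming\report.prn",
    r"w:\PRN\notes.txt",
]

if __name__ == "__main__":
    for path, component, kind in audit(SAMPLE):
        print(f"{kind:15} {component:10} {path}")
```

The "bare" findings correspond to the files this message reports as not removable with del over the UNC path.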