[13649] in bugtraq
RecyclerSnooper(MS00-007)
daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Wed Feb 2 01:17:14 2000
Message-Id: <200002020823.EDE86927.NBJ-OX@lac.co.jp>
Date: Wed, 2 Feb 2000 08:23:47 +0900
Reply-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
From: Nobuo Miwa <n-miwa@LAC.CO.JP>
X-To: Bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
I made a small program.
This makes a lot of folders under the Recycler folder.
I mean ANY user can make folders under the Recycler folder.
Like this....
When some user("user1")'s SID is
S-1-5-21-823518204-813497703-1708537768-1004,
my program will make
S-1-5-21-823518204-813497703-1708537768-1001
S-1-5-21-823518204-813497703-1708537768-1002
S-1-5-21-823518204-813497703-1708537768-1003
...
...
S-1-5-21-823518204-813497703-1708537768-1199
S-1-5-21-823518204-813497703-1708537768-1200
In this case its parameter is "RecyclerSnooper.exe 200 C".
After that, when another user ("user2", SID=...1006) throws garbage
away for the FIRST time, user1 can read it.
Yeah, user1 can read another user's garbage in case the other
user hasn't thrown garbage away yet. It's a minor problem.
You can download and test from
http://www.lac.co.jp/security/test/files/RecyclerSnooper.exe
This could be available on WinNT and Win2K.
I reported this to MS on 31st Oct,'99...
I waited with Arne Vidstrom for a few months!
See Microsoft Security Bulletin (MS00-007).
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp/security/
------------------------------o00o--(. .)--o00o--------------------------
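
Added example, not part of the original post or the author's tool: a defender-side audit of a Recycler folder listing that flags per-SID folders whose owner is not the SID in the folder name, which is the trace left when one account pre-creates bins for other users. The inventory format (folder name, owner SID), the function name `audit_recycler`, the trusted-owner list and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Per-user recycle bin folders are named after a domain/local account SID.
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$", re.IGNORECASE)

# Assumption: folders owned by the built-in Administrators group or SYSTEM
# are not treated as planted (administrators' objects are commonly owned
# by the group rather than by the individual account).
TRUSTED_OWNERS = ("S-1-5-32-544", "S-1-5-18")

def audit_recycler(entries, burst_threshold=5, trusted=TRUSTED_OWNERS):
    """entries: iterable of (folder_name, owner_sid) pairs from a Recycler folder.

    Returns (mismatches, suspects):
      mismatches - folders whose owner differs from the SID in their name
      suspects   - owner SID -> sorted RIDs of the folders it pre-created,
                   kept only when the count reaches burst_threshold
    """
    trusted = {t.upper() for t in trusted}
    mismatches = []
    planted_by = defaultdict(list)
    for name, owner in entries:
        m = SID_RE.match(name)
        if not m:
            continue  # not a per-user bin folder
        if owner.upper() == name.upper() or owner.upper() in trusted:
            continue  # created by its own user, or by an administrator
        mismatches.append((name, owner))
        planted_by[owner].append(int(m.group(1)))
    suspects = {o: sorted(r) for o, r in planted_by.items()
                if len(r) >= burst_threshold}
    return mismatches, suspects

# Constructed sample inventory, modelled on the SIDs quoted in the post.
BASE = "S-1-5-21-823518204-813497703-1708537768"
USER1 = BASE + "-1004"
SAMPLE = [(USER1, USER1), (BASE + "-500", "S-1-5-32-544")]
SAMPLE += [(f"{BASE}-{rid}", USER1) for rid in range(1001, 1011) if rid != 1004]

if __name__ == "__main__":
    bad, who = audit_recycler(SAMPLE)
    for owner, rids in who.items():
        print(f"{owner} owns {len(rids)} bins of other users: "
              f"RIDs {rids[0]}..{rids[-1]}")
    for name, owner in bad:
        print(f"MISMATCH {name} owned by {owner}")
```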