[14327] in bugtraq
Re: con\con is a old thing (anyway is cool)
daemon@ATHENA.MIT.EDU (Oliver Friedrichs)
Fri Mar 17 06:14:18 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Message-Id: <4036B8ED3AAED3118F9E00A0CC58F9F187CC@MAIL>
Date: Wed, 15 Mar 2000 10:29:18 -0800
Reply-To: Oliver Friedrichs <OFriedrichs@SECURITY-FOCUS.COM>
From: Oliver Friedrichs <OFriedrichs@SECURITY-FOCUS.COM>
X-To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
While we're on the issue of creating known devices under Windows, an
issue I remember noting a while back is that under Windows NT, it's
possible to create and remove most of these devices over a file
share. They aren't treated as special files. You cannot, however,
create or remove these files locally. I imagine that this is due to
the fact that there are discrepancies between file operations
processed through the CIFS layer, and operations processed locally.

While this probably isn't a serious issue, the main problem is that
someone could create a large number of these files (as I recall you
could use a large number of variations), and the local user would not
be able to remove them, since they can only be removed via a network
share. More an annoyance than anything..

For example, you can create known devices with random extensions over
a file share, com1.1 com1.2 com1.3 com1.4, and you cannot remove them
locally. It's probably a good thing that the CIFS layer doesn't
provide direct access to these devices, otherwise an anonymous share
could open up a number of other security issues.

- - Oliver
> -----Original Message-----
> From: Elias Levy [mailto:aleph1@SECURITYFOCUS.COM]
> Sent: Saturday, March 11, 2000 2:43 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: con\con is a old thing (anyway is cool)
>
>
> Summary of message on the con\con Windows issue.
>
> Any permutation of certain DOS device names as a filename of the
> form "device\device" when opened will crash Windows 95/98. Devices
> that seem to trigger the bug include "con", "aux", "nul", and
> "clock$". So not only will "con\con" trigger it, but so will
> "aux\clock$", "clock$\con", etc.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOM/U5cm4FXxxREdXEQITjwCfW2vD6C1O30haifPxKz4VqZh2IXkAnRhQ
SJim3ep7YE+6sGZ5DR+iVcRG
=6cmK
-----END PGP SIGNATURE-----
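
An added example, not part of the original message or thread: a check an administrator could run over a file listing exported from a share, flagging names that resolve to DOS devices (the com1.1 case above) and the "device\device" form from the quoted summary. The function names, the sample listing, and the device names beyond con, aux, nul, clock$ and com1 are assumptions taken from Windows' documented reserved-name list.

```python
import re

# con, aux, nul, clock$ and com1 come from the thread; prn, com2-9 and lpt1-9
# are added from Windows' documented reserved-name list.
RESERVED = {"con", "prn", "aux", "nul", "clock$"}
RESERVED |= {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}


def is_device(component):
    """True if one path component resolves to a reserved device name."""
    # The match is case-insensitive and looks only at the text before the
    # first dot, so com1.1, COM1.2 and nul.tar.gz all count. Stripping
    # trailing spaces is a conservative assumption of this example.
    base = component.split(".", 1)[0].rstrip(" ").lower()
    return base in RESERVED


def classify(path):
    """Return 'device\\device', 'device-name' or 'ok' for a \\ or / path."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    flags = [is_device(p) for p in parts]
    # Two adjacent device components: the Windows 95/98 crash form.
    if any(a and b for a, b in zip(flags, flags[1:])):
        return "device\\device"
    # A single device component, e.g. com1.1 created over a share.
    return "device-name" if any(flags) else "ok"


def audit(listing):
    """Map every suspicious path in a listing to its classification."""
    results = {p: classify(p) for p in listing}
    return {p: c for p, c in results.items() if c != "ok"}


# Constructed sample listing, not real data.
SAMPLE = [
    r"\\srv\share\com1.1",
    r"\\srv\share\COM1.2",
    r"C:\docs\console.txt",
    r"C:\con\con",
    r"aux\clock$",
    r"\\srv\share\com10.txt",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE).items():
        print(f"{verdict:14} {path}")
```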