[21441] in bugtraq


Re: Windows MS-DOS Device Name DoS vulnerabilities

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jul 10 10:52:10 2001

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: bugtraq@securityfocus.com, djenkins@usb.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Tue, 10 Jul 2001 16:19:15 (NZST)
Message-ID: <99473875519397@kahu.cs.auckland.ac.nz>

Dennis Jenkins <djenkins@usb.com> writes:

>He will access the device.  This is documented in the book "Undocumented DOS"
>(author, editor, press I don't remember).

My copy claims to be by Schumann et al, published by Addison-Wesley.

>In the early days of DOS, there was a reason why this was done.  But I don't
>remember that either.

Speaking of the early days of DOS, this bug has been around for a long, long
time.  I remember being able to crash BBS's 10 years ago [0] by uploading zip
files containing reserved names which would bring down the system when the BBS
software scanned the file.  I think later versions of Pkzip would try and check
for reserved names to try and prevent this.

Peter.

[0] With the permission of the sysop, done as a demonstration.

