Bugtraq mailing list archives
RE: Long path exploit on NTFS
From: "Moorhouse, Walt P" <WaltPMoorhouse () eaton com>
Date: Thu, 31 Jan 2002 08:37:51 -0500
We have Trend OfficeScan. Trend finds it before the bat file can close the SUBST drive (SUBST Q: /D). It did however cause my realtime scanner's interface to throw an exception. It's still scanning, I just don't have the cute little heartbeat line in the taskbar. My question it this: Assuming it had gotten past my scanner, it could not be executed when the SUBST drive is removed could it? Because it couldn't be referenced to execute? Wouldn't someone have to re SUBST the drive and go it that way? And if they have the ability to do that, why don't they just run it while it is there? Unless I'm missing something, I don't see anything particularly dangerous about this, other than someone could eat up all your HD space with dark matter files (look, I coined a term!). Maybe I missed something though, it's been a long day! Still, I agree it needs to be addressed, but I would suggest the change should be made at the OS level, rather than the app level. Nice job finding this, Hans. Walt Moorhouse Network Administrator
Current thread:
- Long path exploit on NTFS hans . somers (Jan 30)
- RE: Long path exploit on NTFS Gavin Lowe (Jan 30)
- RE: Long path exploit on NTFS David LeBlanc (Jan 31)
- <Possible follow-ups>
- RE: Long path exploit on NTFS Leif Sawyer (Jan 30)
- RE: Long path exploit on NTFS Moorhouse, Walt P (Jan 31)