Bugtraq mailing list archives

Re: con\con is a old thing (anyway is cool)

From: OFriedrichs () SECURITY-FOCUS COM (Oliver Friedrichs)
Date: Wed, 15 Mar 2000 10:29:18 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While we're on the issue of creating known devices under Windows.  An
issue I remember noting awhile back is that under Windows NT, it's
possible to create and remove most of these devices over a file
share.  They aren't treated as special files.  You cannot however
create or remove these files locally.  I imagine that this is due to
the fact that there are descrepencies between file operations
processed through the CIFS layer, and operations processed locally.
While this probably isn't a serious issue, the main problem is that
someone could create a large number of these files (as I recall you
could use a large number of variations), and the local user would not
be able to remove them, since they can only be removed via a network
share.  More an annoyance than anything..

For example, you can create known devices with random extensions over
a file share, com1.1 com1.2 com1.3 com1.4, and you cannot remove them
locally.  It's probably a good thing that the CIFS layer doesn't
provide direct access to these devices, otherwise an anonymous share
could open up a number of other security issues.

- - Oliver

-----Original Message-----
From: Elias Levy [mailto:aleph1 () SECURITYFOCUS COM]
Sent: Saturday, March 11, 2000 2:43 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: con\con is a old thing (anyway is cool)

Summary of message on the con\con Windows issue.

Any permutation of certain DOS device names as a filename of the
form "device\device" when opened will crash Windows 95/98. Devices
that seem to trigger the bug include "con", "aux", "nul", and
"clock$". So not
only will "con\con" trigger it, but so will "aux\clock$",
"clock$\con",
etc.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOM/U5cm4FXxxREdXEQITjwCfW2vD6C1O30haifPxKz4VqZh2IXkAnRhQ
SJim3ep7YE+6sGZ5DR+iVcRG
=6cmK
-----END PGP SIGNATURE-----

Current thread:

con\con is a old thing (anyway is cool) Ussr Labs (Mar 06)
- Re: con\con is a old thing (anyway is cool) Stephen White (Mar 08)
- Realplayer update pedward () WEBCOM COM (Mar 09)
- Re: con\con is a old thing (anyway is cool) Elias Levy (Mar 11)
  - Re: con\con is a old thing (anyway is cool) YUFU (Mar 11)
- <Possible follow-ups>
- Re: con\con is a old thing (anyway is cool) Oliver Friedrichs (Mar 15)
  - Re: con\con is a old thing (anyway is cool) Bernd Luevelsmeyer (Mar 17)
  - Re: con\con is a old thing (anyway is cool) David LeBlanc (Mar 17)
  - Verified PIX vulnerability to FTP-Pasv attack. monti (Mar 19)