data stream bug still alive?
From: NDR113 (ndr113@350cc.com)
Date: 10/27/01
- Previous message: Rodrigo Barbosa: "Re: PGP sign highlight on mutt"
- Next in thread: 3APA3A: "Re: data stream bug still alive?"
- Reply: 3APA3A: "Re: data stream bug still alive?"
- Reply: Javier Abdul Córdoba Gándara: "RE: data stream bug still alive?"
Message-ID: <00b301c15e69$ae33ec60$14449818@vtr.net>
From: "NDR113" <ndr113@350cc.com>
To: <vuln-dev@securityfocus.com>
Subject: data stream bug still alive?
Date: Fri, 26 Oct 2001 19:00:52 -0300
Data Stream Bug may still work (on an unusual configuration)
[===================================]
+ Past Problem
The Windows NT file system, NTFS, supports multiple data streams within a
file, DATA being the main content stream.
It was reported on July 8, 1998 by Paul Ashton on this mailing list that it
was possible to remotely get, through IIS, the source code of files like an ASP
script. This was done by requesting the file and ::$DATA. Microsoft released a
fix, and the problem was solved in the subsequent Service Packs for Windows
NT.
+ Present Problem
Yet it seems to us that this problem persists on some unusual configurations, such as a
Windows NT box with IIS and PHP scripting. In our tests on two
separate Windows NT boxes, with IIS 4, PHP4, the fix available for the bug
and the latest SP6a, it is still possible to obtain the source of PHP files.
eg. http://www.server.com/file.php::$DATA
+ Implications
Besides the obvious vulnerability, this shows that the fix given by Microsoft,
far from solving the real problem, just applied the "workarounds" in the
registry on how to manage specific extensions (.asp, .pl, and so on),
excluding .php.
+ Final
Anyone who can confirm or refute this, please post it.
+ More Information
":$DATA Stream Name of a File May Return Source"
http://support.microsoft.com/support/kb/articles/Q188/8/06.ASP
"HOW TO: Use NTFS Alternate Data Streams"
http://support.microsoft.com/support/kb/articles/Q105/7/63.ASP
Roberto Alamos M. (theye@350cc.com)
Carlos Gaona U. (ndr113@350cc.com)
www.350cc.com
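
A defensive check for the request form described in the message above, as an added example that is not part of the original post: it flags any logged request path that names an NTFS stream, regardless of file extension. The log field layout, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# NTFS stream syntax is name:stream:$TYPE; the default stream is "::$DATA".
STREAM_RE = re.compile(r":[^/\\:]*:\$[a-z_]+", re.IGNORECASE)

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %3A and %253A forms are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_stream_suffix(uri_stem):
    """True if any path segment addresses an NTFS data stream."""
    path = decode_fully(uri_stem.split("?", 1)[0])
    return any(STREAM_RE.search(seg) for seg in re.split(r"[/\\]", path))

def flag_requests(log_lines):
    """Return (c-ip, cs-uri-stem) per flagged line; field order is assumed."""
    hits = []
    for line in log_lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        if has_stream_suffix(fields[4]):
            hits.append((fields[2], fields[4]))
    return hits

# Constructed sample lines (assumed layout given in the #Fields header).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2001-10-26 22:00:51 192.0.2.10 GET /index.php 200",
    "2001-10-26 22:00:52 192.0.2.10 GET /file.php::$DATA 200",
    "2001-10-26 22:00:53 192.0.2.11 GET /file.php%3A%3A%24data 200",
    "2001-10-26 22:00:54 192.0.2.12 GET /file.php%253a%253a%2524DATA 200",
    "2001-10-26 22:00:55 192.0.2.13 GET /docs/time:12:30.html 200",
]

if __name__ == "__main__":
    for ip, stem in flag_requests(SAMPLE_LOG):
        print(ip, stem)
```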