Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw

From: Aj Mirani (ajmat_private)
Date: Tue Jun 08 1999 - 13:38:11 PDT


    At 08:20 AM 04/06/99 -0400, you wrote:
    So you create a file like this:
    copy xxx.tmp \\Orbitor\Incoming\prn.xxx
    
    removing it is as easy as:
    del \\Orbitor\Incoming\prn.xxx
    
    This was tested on NT Workstation SP4
    
    >Now the flaw:
    >Although you cannot create a local file whose name is PRN, you can,
    >however, jump onto a networked server (suppose its name is
    >\\whatever) and create (in any directory that you have creatable
    >permissions) any file or directory named PRN.xxx (again, xxx stands
    >for any extension).  The server must be accessed by its \\ notation,
    >you cannot do this if you map \\whatever\anydir to a drive (such as
    >w:), then go to w:\ and try to create the file, in that case your
    >machine's name parser blocks you.
    
    
    --
    
    Aj Mirani - ajmat_private
    Network Administrator
    Island Corporation
    #10-3000 Landgstaff Rd
    Concord, ON L4K 4R7
    Tel: (905)761-1655
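
Added example, not part of the original post: a Python check an administrator could run over a listing of a share to flag files or directories whose names the local name parser would treat as a device, such as the `prn.xxx` file discussed above. It generalizes beyond PRN to the other standard DOS device names, which is an assumption not stated in the thread; the sample paths are constructed, reusing the `\\Orbitor\Incoming` share from the post.

```python
# Assumption: the standard DOS device names; the post itself only discusses PRN.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def reserved_component(name):
    """Return the device name a single path component maps to, or None."""
    # The extension is ignored ("prn.xxx" is still PRN). Trailing dots and
    # spaces are stripped as well, which is deliberately conservative.
    base = name.rstrip(" .").split(".", 1)[0].rstrip(" ").upper()
    return base if base in RESERVED else None


def find_reserved(paths):
    """Return (path, component, device) for each path with a reserved name."""
    hits = []
    for path in paths:
        parts = [c for c in path.replace("/", "\\").split("\\") if c]
        if path.startswith("\\\\"):
            parts = parts[2:]          # skip \\server\share
        elif parts and parts[0].endswith(":"):
            parts = parts[1:]          # skip drive letter
        for comp in parts:
            device = reserved_component(comp)
            if device:
                hits.append((path, comp, device))
                break                  # one finding per path is enough
    return hits


# Constructed sample listing (not real data).
SAMPLE = [
    r"\\Orbitor\Incoming\prn.xxx",
    r"\\Orbitor\Incoming\printer.txt",
    r"\\Orbitor\Incoming\PRN\report.doc",
    r"\\Orbitor\Incoming\logs\com1.log",
    r"\\Orbitor\Incoming\console.log",
    r"W:\scans\Aux. ",
]

if __name__ == "__main__":
    for path, comp, device in find_reserved(SAMPLE):
        print(f"{path}: component {comp!r} resolves to device {device}")
```

Anything it flags can be removed through the `\\` path, as the reply above shows with `del`.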
    


