Hi, I made a small program. This makes a lots of folders under Recycler folder. I mean ANY users can make folders under Recycler folder. Like this.... When some user("user1")'s SID is S-1-5-21-823518204-813497703-1708537768-1004, my program will make S-1-5-21-823518204-813497703-1708537768-1001 S-1-5-21-823518204-813497703-1708537768-1002 S-1-5-21-823518204-813497703-1708537768-1003 ... ... S-1-5-21-823518204-813497703-1708537768-1199 S-1-5-21-823518204-813497703-1708537768-1200 In this case its parameter is "RecyclerSnooper.exe 200 C". After that another user("user2", SID=...1006) throw garbage away FIRST time, user1 can read it. Yeah, user1 can read another user's garbages in case another user didn't throw garbage yet. It's minor problem. You can download and test from http://www.lac.co.jp/security/test/files/RecyclerSnooper.exe This could be available on WinNT and Win2K. I reported this to MS on 31st Oct,'99... I waited with Arne Vidstrom for few months ! See Microsoft Security Bulletin (MS00-007). <Nobuo Miwa> n-miwaat_private ( @ @ ) http://www.lac.co.jp/security/ ------------------------------o00o--(. .)--o00o--------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:53 PDT