Re: Windows MS-DOS Device Name DoS vulnerabilities

From: Peter Gutmann (pgut001at_private)
Date: Tue Jul 10 2001 - 16:19:15 PDT


    Dennis Jenkins <djenkinsat_private> writes:
    
    >He will access the device.  This is documented in the book "Undocumented Dos"
    >(author, editor, press I don't remember).  
    
    My copy claims to be by Schumann et al, published by Addison-Wesley.
    
    >In the early days of DOS, there was a reason why this was done.  But I don't
    >remember that either.
    
    Speaking of the early days of DOS, this bug has been around for a long, long
    time.  I remember being able to crash BBSs 10 years ago [0] by uploading zip
    files containing reserved names which would bring down the system when the BBS
    software scanned the file.  I think later versions of Pkzip would try and check
    for reserved names to try and prevent this.
    
    Peter.
    
    [0] With the permission of the sysop, done as a demonstration.
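
The message above mentions archive tools checking for reserved names before processing an upload. As an added example (not part of the original post, and not Pkzip's code), here is one way to make that check in Python without extracting anything. The name list is the usual Windows set (CON, PRN, AUX, NUL, COM1-9, LPT1-9); the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Reserved DOS device names as documented for Windows file naming.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}


def reserved_component(member_name):
    """Return the first path component that maps to a device name, or None."""
    for part in re.split(r"[\\/]", member_name):
        # Windows matches device names case-insensitively and ignores any
        # extension and trailing spaces, so "aux.h" and "nul " both count.
        stem = part.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            return part
    return None


def scan_zip(data):
    """List (member, offending component) pairs; nothing is extracted."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            bad = reserved_component(info.filename)
            if bad is not None:
                hits.append((info.filename, bad))
    return hits


def build_sample():
    """Constructed in-memory archive; the member names are illustrative."""
    names = ["readme.txt", "docs/aux.h", "Con", "lpt1.tar.gz",
             "console.log", "data/nul ", "com10.txt"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for member, part in scan_zip(build_sample()):
        print(f"reject {member!r}: component {part!r} is a reserved device name")
```

Every path component is checked, not just the final file name, because a reserved name can appear as a directory entry as well.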
    



    This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 07:15:24 PDT