Full Disclosure: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues

Re: Microsoft Windows Vista/2003/XP/2000 file management security issues

From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
Date: Fri, 9 Mar 2007 23:48:05 +0300

Dear Michele Cicciotti,

--Friday, March 9, 2007, 9:00:05 PM, you wrote to full-disclosure_at_lists.grok.org.uk:

>> Scenario 1.1:
>>
>> Bob wishes to create a "Bob private data" folder in the "Public" folder to
>> place a few private files. "Public" has at least "Write" permissions for
>> "User" group. Bob:

MC> This is, of course, wrong. You muddy the issue with the "Write
MC> permissions for User group" red herring and we are all supposed to
MC> oooh and aaah at your sleight-of-hand trickery. Of course, a proper
MC> public repository for private folders should have saner settings
MC> than that, to begin with.

First, Bob's private data was just an example. The problem itself belongs
to any case where data with more restrictive permissions is created in a
folder with less restrictive permissions. And despite what Mr. Grimes says,
this is quite a common case under Windows and can be found in almost any
real corporate directory structure. If you ever removed the "Inherit from
parent" checkbox in advanced security settings - you most probably were
vulnerable to attack. Show me an administrator who never did.

Second, the "Preopen file attack" and everything below will work with the
saner "Add and read permission for User group". Any usage of the "Creator
owner" group is a case where this can be exploited.

-- 
~/ZARAZA http://securityvulns.com/
For facts are facts, and they are set out only so that they may be understood and believed. (Twain)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Mar 09 2007
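
As an added example (not part of the original message), a PowerShell audit for the condition the reply describes: a folder whose ACL no longer inherits from its parent, located in a parent where a broad group can still create entries, with a flag for "Creator owner" ACEs on that parent. The default path `D:\Public` and the choice of Everyone, Authenticated Users and BUILTIN\Users as the "broad" groups are assumptions.

```powershell
# Added example: list folders with inheritance disabled inside a parent
# that a broad group can still create entries in.
# $Root is a hypothetical path; pass the folder tree you want to review.
param([string]$Root = 'D:\Public')

$SidType      = [System.Security.Principal.SecurityIdentifier]
$CreatorOwner = 'S-1-3-0'                                # CREATOR OWNER
$BroadSids    = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'    # Everyone, Authenticated Users, BUILTIN\Users (assumed set)
$CreateRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories'
$InheritOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-AllowRules([string]$Path) {
    # Explicit and inherited Allow ACEs, with identities returned as SIDs
    # so the comparison does not depend on localized group names.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' }
}

function Test-BroadCreate([string]$Path) {
    # True when a broad group may create files or subfolders in $Path itself
    # (inherit-only ACEs do not apply to the folder they are set on).
    [bool](Get-AllowRules $Path | Where-Object {
        $BroadSids -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $CreateRights) -ne 0 -and
        ($_.PropagationFlags -band $InheritOnly) -eq 0
    })
}

function Test-CreatorOwnerAce([string]$Path) {
    # True when any Allow ACE on $Path names CREATOR OWNER.
    [bool](Get-AllowRules $Path |
        Where-Object { $_.IdentityReference.Value -eq $CreatorOwner })
}

Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $acl    = Get-Acl -LiteralPath $_.FullName
        $parent = Split-Path -Path $_.FullName -Parent
        # AreAccessRulesProtected is set when "Inherit from parent" was turned off.
        if ($acl.AreAccessRulesProtected -and (Test-BroadCreate $parent)) {
            [pscustomobject]@{
                Folder                = $_.FullName
                Owner                 = $acl.Owner
                Parent                = $parent
                ParentHasCreatorOwner = Test-CreatorOwnerAce $parent
            }
        }
    }
```

Each row is a folder to review by hand; the script only reads ACLs and changes nothing.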