Re: Microsoft Windows Vista/2003/XP/2000 file management securit

看板Bugtraq作者時間19年前 (2007/03/13 23:33), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/4 (看更多)
3APA3A said: >I. There is no symlinks under Windows. Symlink attacks are not >possible. I'm not a Windows expert, but... There have been some past vulnerabilities where an attacker could upload a shortcut (.lnk) file and access files outside of the intended directory. In cases of FTP servers or mail clients, this makes symlink style attacks remotely feasible. Some previously reported examples are CVE-2004-2672/CVE-2005-0519/CVE-2005-0520 (argosoft), CVE-2005-2184 (eRoom), CVE-2005-0587 (Firefox), and CVE-2001-1386 (WFTPD). So, issues *like* symlink vulnerabilities can happen on Windows - but whether they're under-reported is unknown. Hard links, too (CVE-2002-0725 for NT and CVE-2003-0844 for mod_gzip). Maybe there's something about Windows API functions that make it more rare than in the Unix world? - Steve
更多 coley. 的文章
文章代碼(AID): #15ziHP00 (Bugtraq)
更多 coley. 的文章
文章代碼(AID): #15ziHP00 (Bugtraq)