Subject: Re: Windows 2000 Nul bug
From: Michael Hendy (michael.hendy@LIATI.COM)
Date: Sat Apr 29 2000 - 12:38:42 CDT

Levent and group,

You're quite right. This is not a BUG, it is a FEATURE, IMO. And it has been
part of the Windows O/S since 3.11, at least (that's as far back as I can
boot up.)

In Windows 3.11, it is not automatic; when you start a file with an unknown
extension, the O/S displays a message asking you to open the Association
window and select a program to run with this particular extension.

In Windows 95/98/NT4, the Association dialog box pops up whenever you
double click on a filename with an unknown extension, though only from the
desktop/mycomputer/explorer windows (the DOS prompt will just give you an
error message.)

In Windows 2000, the Association dialog box pops up even in the Command
Prompt window so that you can select a program that will run this type of
file.

I haven't tested further, but I would assume that even after associating a
program with a file, if you don't have permission to run that program, it
still will not actually run nor will you be able to open the associated
file.

__________________________________________________________________
Michael Hendy 744975 Alberta Limited
Database Management Programming Liati Systems
Network Setup and Administration Calgary, Alberta, Canada
Website Development & Design voice/fax (403) 237-2375
Instrumentation & Control Systems michael.hendy@liati.com
http://www.liati.com mhendy@taaaa.com

> -----Original Message-----
> From: levent@HUSHMAIL.COM [mailto:levent@HUSHMAIL.COM]
> Sent: April 29, 2000 10:55 AM
> To: win2ksecadvice@LISTSERV.NTSECURITY.NET
> Subject: Re: Windows 2000 Nul bug
>
>
> I'm not sure why this is perceived as a security bug. It is a file
> association issue. If it allows you to bypass the security of policies
> regarding application launches or the ntfs file security associated
> with the files, then yes it is a security bug. Otherwise, the only
> thing this does is to show you the applications installed on the
> machine. Since file associations will allow you to glean the same info
> I don't see a problem. I'll agree that you shouldn't be able to see
> those applications unless you have file or registry security
> associated with same. My guess is that the dialog is pulling it from
> file associations out of the registry.
>
> I see the issue on Windows 2000 build 2195. You can also initiate by
> doing something like starting a program with an unknown association.
>
>
> levent
>
>
> -----Original Message-----
> From: Mousse [mailto:mousse@CROSSWINDS.NET]
> Sent: Saturday, April 29, 2000 11:45 AM
> To: win2ksecadvice@LISTSERV.NTSECURITY.NET
> Subject: Re: Windows 2000 Nul bug
>
> Apparently, Microsoft's already patched the problem.
> On Windows 2000 Professional v. 5.00.2195 (Standard OEM),
> neither the "nul" nor the "other" backdoors seem to work. The
> similar goes for the latest Windows 2000 Server (also Standard
> OEM) release.
>
> ~Mousse
>
> > -----Original Message-----
> > From: auto45040@HUSHMAIL.COM [mailto:auto45040@HUSHMAIL.COM]
> > Sent: Saturday, April 29, 2000 12:04 AM
> > To: win2ksecadvice@LISTSERV.NTSECURITY.NET
> > Subject: Windows 2000 Nul bug
> >
> >
> > <-[DHC ADVISORY]->
> >
> > Title: Nul security AND D.O.S problem for Windows 2000
> > Description program: Well I guess we all know what Windows 2000 is. :)
> > Description problem: Simply by typing "nul" in a dos prompt, you
> > get a screen with all kinds of programs you can start and by hitting
> > a button you also get a "open file" style explorer window.
> >
> > <-[what was used]->
> > Windows Professional 2000 build 2128
> >
> > <-[how to create the security problem]->
> > start up a dos prompt and type "nul" and then enter. I attached a
> > file (nil.bat) for the people who either don't have a prompt
> > (because of restrictions, or whatever) or just don't know how to do
> > it.
> > You'll get a little screen with a list of programs to open "nul.pif"
> > with. Just choose what you want to start up. Anything that is on
> > your computer is now available.
> > More dangerous maybe is the possibility to hit "other" and you're
> > able to browse the drives and directories. Funny thing is that with
> > windows NT by typing the drive name in the file name bit you can
> > even access hidden but shared drives, so I figure this'll still work
> > with Windows 2000 too, but at the moment I'm not sure.
> > To be honest, the same can be achieved by double-clicking an
> > undefined fileformat.
> > However, a lot of administrators will have found a way to stop this,
> > so basically this is a workaround for that.
> >
> > <-[fix]->
> > Well, I expect Microsoft will have a fix for the security problem,
> > so I won't bother with that.
> >
> > <-[note]->
> > credit where credit is due: I wouldn't've gone and checked "nul" out
> > in W2k if it weren't for someone posting to Bugtraq saying
> > c:\nul\nul like c:\con\con could lock up W98. I was being curious.
> >
> > Greetz,
> > nemesystm, leader of the DHC (dhcorp.cjb.net)
> > auto45040@hushmail.com
> > - 1 found 62999 to go -
>
>
>
> _____________________________________________________________________
> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net
>