Serious Windows TCP/IP Security Hole (fwd)
Rich Graves
llurch at Networking.Stanford.EDU
Wed Oct 4 16:59:03 PDT 1995
---------- Forwarded message ----------
Date: Sat, 30 Sep 1995 02:03:58 -0700 (PDT)
From: Rich Graves <llurch at Networking.Stanford.EDU>
To: Ken Simler <krs2 at cornell.edu>
Subject: Re: Serious Windows TCP/IP Security Hole (fwd)
This doesn't work for you? Please get back to me if you figure it out.
I'd like to document the problem accurately.
-rich
---------- Forwarded message ----------
Date: Thu, 28 Sep 95 23:45:49 -0400
From: Mark Thornton <markt at eng.umd.edu>
To: llurch at networking.stanford.edu
Newgroups: comp.os.ms-windows.win95.misc,
comp.os.ms-windows.networking.windows,
comp.os.ms-windows.networking.tcp-ip
Subject: Re: Serious Windows TCP/IP Security Hole
I can confirm that the complete(floppy) version of Windows 95
STILL has the ../ bug ;-( The ... bug has been fixed correctly
returning the following message
chkpath: ERRDOS - ERRbadpath (Directory invalid.)
But cd ../ WILL put you in the root directory of the share
with the rights you had in the intial directory. Very bad...
I've had to share all my drives read-only until the problem
gets fixed.
More information about the cypherpunks-legacy
mailing list