Improper Handling of Windows ::DATA Alternate Data Stream
|ID: 69||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Variant|
The software does not properly prevent access to, or detect
usage of, alternate data streams (ADS).
Extended Description
An attacker can use an ADS to hide information about a file (e.g. size,
the name of the process) from a system or from file browser tools such as
Windows Explorer and the 'dir' command-line utility. Alternately, the attacker
might be able to bypass intended access restrictions for the associated data
Applicable Platforms
Language Class: All
Operating System Class: Windows
Time Of Introduction
- Architecture and Design
Related Attack Patterns
|Scope: Access_Control, Non-Repudiation, Other||Technical Impact: Bypass protection mechanism, Hide activities, Other|
|Phase: Testing||Software tools are capable of finding ADSs on your system.|
|Phase: Implementation||Ensure that the source code correctly parses the filename to read or write to the correct stream.|
|CWE-69 ChildOf CWE-904 ||Category ||CWE-888 || |
- CVE-1999-0278 : In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
- CVE-2000-0927 : Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.
For more examples, refer to CVE relations in the bottom box.
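The Implementation mitigation and CVE-1999-0278 above, as an added example that is not part of the CWE entry: a request-path check that parses the NTFS name:stream:$TYPE syntax before a handler is chosen by extension, shown beside an extension-only check that does not recognise the name. The function names, the SCRIPT_EXTENSIONS set and the sample paths in the comments are assumptions made for illustration.

```python
import ntpath
from urllib.parse import unquote

# Assumed for illustration: extensions the server must execute, never serve raw.
SCRIPT_EXTENSIONS = {".asp"}


def naive_is_script(url_path):
    """Weak check: looks only at the text after the last dot."""
    return ntpath.splitext(url_path)[1].lower() in SCRIPT_EXTENSIONS


def split_stream(component):
    """Split one NTFS path component 'name[:stream[:$TYPE]]' into its parts."""
    name, _, rest = component.partition(":")
    stream, _, stream_type = rest.partition(":")
    return name, stream, stream_type


def classify(url_path):
    """Return (verdict, detail); verdict is 'reject', 'script' or 'static'."""
    # Decode first, so '%3A%3A$DATA' is judged the same as '::$DATA'.
    decoded = unquote(url_path)
    # Windows accepts both separators; inspect every component, not just the last.
    components = [c for c in decoded.replace("/", "\\").split("\\") if c]
    for comp in components:
        if ":" in comp:
            # A request path relative to the web root never needs a colon,
            # so any stream syntax (named stream or ::$DATA) is refused.
            return "reject", split_stream(comp)
    if not components:
        return "static", None
    ext = ntpath.splitext(components[-1])[1].lower()
    return ("script" if ext in SCRIPT_EXTENSIONS else "static"), None


if __name__ == "__main__":
    # Constructed sample request paths.
    for path in ("/default.asp", "/default.asp::$DATA",
                 "/default.asp%3A%3A$DATA", "/notes.txt:hidden", "/img/logo.png"):
        print(f"{path:28} naive_is_script={naive_is_script(path)!s:5} "
              f"classify={classify(path)}")
```

The extension-only check reports the ::$DATA form as not being a script, which is the condition under which a server would hand the file back as static content; the parsing check refuses it before any extension lookup takes place.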
White Box Definitions None
Black Box Definitions None
|PLOVER || ||Windows ::DATA alternate data stream || |
- Don Parker. Windows NTFS Alternate Data Streams. 2005-02-16.
- M. Howard and D. LeBlanc. Writing Secure Code, 2nd Edition. Microsoft. 2003.