[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98250

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Improper Handling of Windows ::DATA Alternate Data Stream

ID: 69Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: INCOMPLETE
Abstraction Type: Variant





Description

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Extended Description

An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.

Applicable Platforms
Language Class: All
Operating System Class: Windows

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Access_Control
Non-Repudiation
Other
 
Bypass protection mechanism
Hide activities
Other
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Testing
 
 Software tools are capable of finding ADSs on your system.
 
  
Implementation
 
 Ensure that the source code correctly parses the filename to read or write to the correct stream.
 
  

Relationships

Related CWETypeViewChain
CWE-69 ChildOf CWE-904 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-1999-0278 : In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
  2. CVE-2000-0927 : Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Windows ::DATA alternate data stream
 
 

References:

  1. Don Parker .Windows NTFS Alternate Data Streams. 2005-02-16.
  2. M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Published on 2003.

© 2013 SecPod Technologies