Michael Wojcik wrote: >> From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de] >> Sent: Saturday, 06 February, 2010 08:21 >> >> Dan Kaminsky wrote: >> >> [...] >> >> > (On a side note, you're not going to see this sort of symlink stuff >> > on Windows, >> >> What exactly do you mean? >> Traversing symlinks on the server/share, or creation of "wide" >symlinks >> by the client on the server/share? >> >> Since Windows 2000 NTFS supports "junctions", which pretty much >> resemble Unix symlinks, but only for directories. >> See <http://support.microsoft.com/kb/205524/en-us> > > And at least since Vista, it also supports symlinks, which are designed
s/at least// [ well-known facts snipped ] > The Windows SMB server apparently won't cross reparse points, though, so > there's no equivalent vulnerability. NO, Windows SMB server crosses reparse points! But as Dan Kaminsky pointed out, you need to have administrative rights to remotely create a junction on an SMB share, so the non-admin user cant get himself access to files outside a share he's allowed to access. Stefan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/