WQuinn QuotaAdvisor 4.1 Disk Quota Bypass Vulnerability
BID:1724
Info
WQuinn QuotaAdvisor 4.1 Disk Quota Bypass Vulnerability
| Bugtraq ID: | 1724 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 28 2000 12:00AM |
| Updated: | Sep 28 2000 12:00AM |
| Credit: | Posted to Bugtraq on September 28, 2000 by the Delphis Security Team <[email protected]>. |
| Vulnerable: |
WQuinn QuotaAdvisor 4.1 |
| Not Vulnerable: | |
Discussion
WQuinn QuotaAdvisor 4.1 Disk Quota Bypass Vulnerability
WQuinn QuotaAdvisor is a disk usage management application which sets and enforces disk quotas on systems running Windows NT 4.0 and 2000.
It is possible to bypass the disk quotas set by QuotaAdvisor through the use alternate data streams (other than the default) implemented by utilities such as CAT (available from the NT Resource Kit).
For example:
cat c:\45mbfile.doc > 0mbfile.doc:hidden
would make the 45 MB file appear to QuotaAdvisor as a 0 MB file. Thus, any disk quota policies imposed by QuotaAdvisor would be rendered ineffective.
WQuinn QuotaAdvisor is a disk usage management application which sets and enforces disk quotas on systems running Windows NT 4.0 and 2000.
It is possible to bypass the disk quotas set by QuotaAdvisor through the use alternate data streams (other than the default) implemented by utilities such as CAT (available from the NT Resource Kit).
For example:
cat c:\45mbfile.doc > 0mbfile.doc:hidden
would make the 45 MB file appear to QuotaAdvisor as a 0 MB file. Thus, any disk quota policies imposed by QuotaAdvisor would be rendered ineffective.
Exploit / POC
WQuinn QuotaAdvisor 4.1 Disk Quota Bypass Vulnerability
See discussion.
See discussion.