7th Aug 2002 [SBWID-5609]
COMMAND
Windows 2000 system partition weak default permissions
SYSTEMS AFFECTED
Windows 2000
PROBLEM
ZARAZA U 3APA3A of [http://www.security.nnov.ru] says:
Advanced info: http://www.security.nnov.ru/search/news.asp?binid=2205
To protect system files located in the root of the system partition
(boot.ini, ntdetect.com, ntldr, autoexec.bat, etc.), Windows 2000 applies
a security template with NTFS permissions that allow only administrators
and advanced users to access these files.
Vulnerability
The system partition itself has the Everyone/Full Control access
permission. Microsoft (and NIST draft) documents also recommend
Everyone/Full Control or Authenticated Users/Full Control permissions.
Details
For POSIX compatibility, a user with the Full Control NTFS permission on
a folder may delete any file from this folder regardless of the file's
own permissions. This makes it possible for a user to become the owner
of, and get full control over, any system file located in the root of
the system partition with the following scenario:
1. Delete the original file (delete only, because putting a file into
the Recycle Bin requires read permission).
2. Create a new file with the same name. The user is now the owner of
this new file and has the Full Control permission on it, inherited from
the root folder.
This makes it possible to trojan system files to execute code in
kernel space and/or to change the boot sequence. It is not as hard as it
seems: it is trivial to exploit this problem to get system-level
access or to run an application in the logged-on user's context without
programming/debugging skills (hint: 'strings ntldr').
SOLUTION
The workaround is very easy. Replace the Full Control permission for the
Everyone group with any reasonable set of permissions on all root
folders, including the system partition. You can replace the Full Control
permission with the full set of special permissions. On NTFS this will
have the same effect, except that a user will not be able to remove a
file if he has no delete permission for that file.
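An added example (not part of the original advisory): one way to audit a
root folder's DACL, given as an SDDL string, for the condition described
above. The right that lets a folder-level grant override a file's own ACL
is the delete-child bit (0x40, "Delete Subfolders and Files"), which Full
Control includes. The function names, the list of broad groups and the
sample descriptors are assumptions constructed for illustration.

```python
import re

FILE_DELETE_CHILD = 0x0040          # "Delete Subfolders and Files"
GENERIC_ALL = 0x10000000            # maps to Full Control on files/folders

# SDDL two-letter rights tokens -> access-mask bits (file/folder meaning).
RIGHTS = {
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "GA": GENERIC_ALL, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
    "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
# Broad principals (assumed list): Everyone, Authenticated Users, Users.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "BU": "Users", "S-1-5-32-545": "Users"}

def mask_of(rights):
    """Convert an SDDL rights field (hex literal or token string) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]
    return mask

def risky_aces(sddl):
    """Return (principal, mask) for allow ACEs that let a broad group delete
    children of this folder regardless of the children's own ACLs."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    found = []
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        inherit_only = "IO" in re.findall("..", flags)  # not applied to folder
        if ace_type != "A" or inherit_only or sid not in BROAD:
            continue  # deny ACE, inherit-only ACE, or a narrow principal
        mask = mask_of(rights)
        if mask & (FILE_DELETE_CHILD | GENERIC_ALL):
            found.append((BROAD[sid], mask))
    return found

# Constructed sample descriptors (not taken from a real system).
WEAK = "O:BAG:SYD:(A;OICI;FA;;;WD)(A;OICI;FA;;;BA)"
# 0x1f01bf is Full Control with only the delete-child bit cleared.
FIXED = "O:BAG:SYD:(A;OICI;0x1f01bf;;;WD)(A;OICIIO;GA;;;AU)(A;OICI;FA;;;BA)"
```

On a system with PowerShell, the SDDL string for a folder can be read
with (Get-Acl C:\).Sddl and passed to risky_aces().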