CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.1)  

CWE-69: Improper Handling of Windows ::DATA Alternate Data Stream

 
Improper Handling of Windows ::DATA Alternate Data Stream
Weakness ID: 69 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Extended Description

An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

Operating Systems

Windows

+ Common Consequences
ScopeEffect
Access Control
Non-Repudiation
Other

Technical Impact: Bypass protection mechanism; Hide activities; Other

+ Observed Examples
ReferenceDescription
CVE-1999-0278
CVE-2000-0927
+ Potential Mitigations

Software tools are capable of finding ADSs on your system.

Ensure that the source code correctly parses the filename to read or write to the correct stream.

+ Background Details

Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base66Improper Handling of File Names that Identify Virtual Resources
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory68Windows Virtual File Problems
Resource-specific Weaknesses631
Development Concepts699
ChildOfCategoryCategory634Weaknesses that Affect System Processes
Resource-specific Weaknesses (primary)631
+ Theoretical Notes

This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.

+ Affected Resources
  • System Process
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERWindows ::DATA alternate data stream
+ References
Don Parker. "Windows NTFS Alternate Data Streams". 2005-02-16. <http://www.securityfocus.com/infocus/1822>.
M. Howard and D. LeBlanc. "Writing Secure Code". 2nd Edition. Microsoft. 2003.
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings
2008-10-14CWE Content TeamMITREInternal
updated Description
2009-10-29CWE Content TeamMITREInternal
updated Other_Notes, Theoretical_Notes
2010-04-05CWE Content TeamMITREInternal
updated Related_Attack_Patterns
2010-12-13CWE Content TeamMITREInternal
updated Name
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Windows ::DATA Alternate Data Stream
2010-12-13Failure to Handle Windows ::DATA Alternate Data Stream
Page Last Updated: September 12, 2011