|
Status: Incomplete Weakness ID: 69 (Weakness Variant)Description Summary The software does not properly prevent access to, or detect usage of, alternate data streams (ADS). Extended Description An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork. Affected Resources System ProcessPotential Mitigations Software tools are capable of finding ADSs on your system. Ensure that the source code correctly parses the filename to read or write to the correct stream. Observed Examples
Other Notes Fault: multiple identifiers, non-atomic object Background Details Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type. References Don Parker. "Windows NTFS Alternate Data Streams". 2005-02-16. <http:/ M. Howard and
D. LeBlanc. "Writing Secure Code". 2nd Edition. Microsoft. 2003. Relationships
Taxonomy Mappings
Applicable Platforms Languages All Operating Systems Windows Time of Introduction Architecture and Design ImplementationRelated Attack Patterns
Content History Submissions PLOVER. (Externally Mined) Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings CWE Content Team. MITRE. 2008-10-14. (Internal) updated Description Previous Entry Names Windows ::DATA Alternate Data Stream (changed 2008-04-11) |
|
|
|||