From SecurityTeam@DELPHISPLC.COM Fri Oct 6 10:09:05 2000 From: Security Team To: BUGTRAQ@SECURITYFOCUS.COM Date: Fri, 6 Oct 2000 13:35:16 +0100 Subject: [BUGTRAQ] DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor. [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] ============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories [26/09/2000] securityteam@delphisplc.com [http://www.delphisplc.com/thinking/whitepapers/] ============================================================================ Adv : DST2K0040 Title : QuotaAdvisor 4.1 by WQuinn susceptible to any user being able to list (not read) all files on any server running QuotaAdvisor. Author : DCIST (securityteam@delphisplc.com) O/S : Windows NT 4.0 Server (SP5) Product : QuotaAdvisor 4.1 (Build 450) Date : 26/09/2000 I. Description II. Solution III. Disclaimer ============================================================================ I. Description ============================================================================ Vendor URL: http://www.wquinn.com/ Delphis Consulting Internet Security Team (DCIST) discovered the following vulnerability in WQuinn QuotaAdvisor under WindowsNT. Severity: Low It is possible to list all of the files contained on a file system which is on a server with QuotaAdvisor running upon it. This requires only a normal user account (i.e. non adminstrator/poweruser). This normal user account can list the top level administration shares but not the contents. However if you run a report upon that share the report will contain a complete list of files and their physical locations. II. Solution ============================================================================ Vendor Status: Informed III. Disclaimer ============================================================================ THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE PLACED ON, THIS INFORMATION FOR ANY PURPOSE. ============================================================================ This e-mail and any files transmitted with it are intended solely for the addressee and are confidential. They may also be legally privileged.Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and they must not be disclosed to, or used by, anyone other than the addressee.If you have received this e-mail and any accompanying files in error, you may not copy, publish or use them in any way and you should delete them from your system and notify us immediately.E-mails are not secure. Delphis does not accept responsibility for changes to e-mails that occur after they have been sent. Any opinions expressed in this e-mail may be personal to the author and may not necessarily reflect the opinions of Delphis