---------- Forwarded message ----------
From: JAPH David Nicol (david@KASEY.UMKC.EDU)
To: BUGTRAQ@netspace.org
Date: Wed, 16 Sep 1998 15:43:20 -0500
Subject: NT floppy driver makes risky assumptions

Got an NT 4.0 machine and if you stick a "red hat rescue.img" floppy
in the floppy slot you get an instant blue screen.

This does not appear to have been mentioned in bugtraq archives and
could become a most devastating exploit opportunity, by messing up the
file system just enough ...  That's why all this "anti-virus" software
is around, right?  Because of the unpatched buffer overflows and so
forth in the microsoft file system reading code? Never mind, I guess
"reading a suspicious floppy disk is inherently unsafe" is common
knowledge.

______________________________________________________________________
 David Nicol 816.235.1187 UMKC Network Operations david@news.umkc.edu
                "I go to bakeries all day long." -- JR



From: Mathijs Brands (shrike@CHARM.IL.FONTYS.NL)
To: BUGTRAQ@netspace.org
Date: Thu, 17 Sep 1998 19:04:22 +0200
Subject: Re: NT floppy driver makes risky assumptions

On Wed, 16 Sep 1998, JAPH David Nicol wrote:

> Got an NT 4.0 machine and if you stick a "red hat rescue.img" floppy
> in the floppy slot you get an instant blue screen.

Just tested on two different WinNT 4.0 Workstation machines. Both have
service-pack 3 applied and both didn't flinch when I presented them with
the Redhat 5.1 rescue-disk.

Mathijs