=============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Don Stikvoort (CERT-NL) Index : S-92-22 Distribution : SURFnet constituency Page : 1 Classification: External Version: Final Subject : destructive CHKDSK bug in some DOS versions Date : 10-dec-92 =============================================================================== CERT-NL received word (through FIRST) from John Carr and Chris Baxter of CCTA London about a rather nasty, potentially destructive, bug in CHKDSK apparent in MS-DOS and PC-DOS versions 4 and 5.0 shipped before 11 nov 91. Please take notice and warn your users if needs be. ******************************************************************************* Citation: warning by Carr and baxter, CCTA ******************************************************************************* ... a problem with CHKDSK in MS-DOS and PC-DOS versions 4 and 5.0 shipped before 11 November 1991. It seems that if you have a 256 sector File Allocation Table (FAT), which occurs with certain large partition sizes - 128, 256, 512, 1024 MB, this version of CHKDSK will overwrite the first 32 MB of your disk if used with /Fix option. This is a problem which would not have been noticed initially, but which will get worse as people upgrade their disks. At the moment I suspect that mainly Network file servers are at risk. IBM and Microsoft know about the problem - it is documented as Q80496 on the Microsoft knowledge base, but not many users seem to know of it! I suspect that if users encounter the problem, they will blame it on a suspect disk, since they will be trying to mend it at the time. CCTA has alerted its constituency in the UK government to the problem and has advised that all PCs be upgraded to MS-DOS 5.0A or PC-DOS 5.01, with those most at risk being done first. It is very important for small systems and maintenance groups to be aware of this problem. ... ******************************************************************************* End of citation. ============================================================================== CERT-NL is the Computer Emergency Response Team, located in The Netherlands. CERT-NL is a Full Member of the Forum of Incident Response and Security Teams (FIRST). The constituency of CERT-NL are the SURFnet connected institutions. Past CERT-NL Security Bulletins and other CERT-NL related material can be found on the anonymous FTP server of SURFnet bv: "ftp.nic.surfnet.nl" [192.87.46.3], in the directory "netman/cert-nl". This information is also available using email. Send an email saying "help" to "mailserv@nic.surfnet.nl". In case of computer or network security problems please contact CERT-NL or the CERT of your own constituency. Please be aware of the fact that we are are one hour ahead of Universal Time Coordinated (i.e. UTC+0100). Email: cert-nl@surfnet.nl Phone: +31 30 310290 Fax: +31 30 340903 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7*24h phonenumber is available to SURFnet SSC's and FIRST members on request ==============================================================================