RDisk Race Condition

 
RDisk Race Condition
Originally reported January 21, 2000 by Arne Vidstrom
and updated on February 4, 2000 by Microsoft

VERSIONS AFFECTED
Windows NT 4.0 Workstation
  • Windows NT 4.0 Server
  • Windows NT 4.0 Server Enterprise Edition
  • Windows NT 4.0 Terminal Server
  • DESCRIPTION

    According to Microsoft"s report, "The RDISK utility is used to create an Emergency Repair Disk (ERD) in order to record machine state information as a contingency against system failure. During execution, RDISK creates a temporary file containing an enumeration of the registry. The ACLs on the file allow global read permission, and as a result, a malicious user who knew that the administrator was running RDISK could open the file and read the registry enumeration information as it was being created. RDISK erases the file upon successful completion, so under normal conditions there would be no lasting vulnerability.

    By default, the file is not shared and therefore could not be read by other network users."

    The utility is provided as part of all versions of Windows NT 4.0 and the vulnerability exists on each NT 4.0 platform.

    VENDOR RESPONSE

    Microsoft has released a FAQ, Support Online articles Q156328 and Q249108, a patch for Terminal Server and patches for NT 4.0 Wkstn,  Server, and Enterprise Edition on Intel and Alpha platforms.

    CREDITS
    Discovered by
    Arne Vidstrom

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish