RDisk Race Condition
Originally reported January 21, 2000 by Arne Vidstrom
and updated on February 4, 2000 by Microsoft
According to Microsoft"s report, "The RDISK
utility is used to create an Emergency Repair Disk (ERD) in order to record machine state
information as a contingency against system failure. During execution, RDISK creates a
temporary file containing an enumeration of the registry. The ACLs on the file allow
global read permission, and as a result, a malicious user who knew that the administrator
was running RDISK could open the file and read the registry enumeration information as it
was being created. RDISK erases the file upon successful completion, so under normal
conditions there would be no lasting vulnerability.
The utility is provided as part of all versions of Windows
NT 4.0 and the vulnerability exists on each NT 4.0 platform.
Discovered by Arne Vidstrom