ntfs software vulnerabilities
vulnerabilities.aspcode.net
Searching ntfs software vulnerabilities
Macintosh clients, when using NT file system vo
Macintosh
|
Windows
|
volumes
|
clients
|
system
|
using
|
file
|
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
The Microsoft CONVERT.EXE program, when used on
CONVERTEXE
|
Microsoft
|
Windows
|
program
|
used
|
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
NTFS file system in Windows NT 4.0 and Windows
Windows
|
system
|
NTFS
|
file
|
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 d
BestCrypt
|
BCWipe
|
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
East-Tec Eraser 2002 does not clear Windows alt
East-Tec
|
Eraser
|
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
Eraser 5.3 does not clear Windows alternate dat
information
|
sensitive
|
attackers
|
alternate
|
attached
|
supposed
|
systems
|
recover
|
Windows
|
deleted
|
streams
|
allows
|
Eraser
|
which
|
files
|
clear
|
data
|
does
|
file
|
NTFS
|
not
|
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
PGP 6.x and 7.x does not clear Windows alternat
information
|
alternate
|
sensitive
|
attackers
|
attached
|
supposed
|
recover
|
systems
|
Windows
|
deleted
|
streams
|
allows
|
which
|
files
|
clear
|
data
|
does
|
file
|
NTFS
|
PGP
|
not
|
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
SecureClean 3 build 2.0 does not clear Windows
information
|
SecureClean
|
alternate
|
attackers
|
sensitive
|
attached
|
supposed
|
deleted
|
systems
|
Windows
|
recover
|
streams
|
allows
|
which
|
files
|
clear
|
build
|
does
|
NTFS
|
file
|
data
|
not
|
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
GetDataBack for NTFS 2.31 stores the username a
GetDataBack
|
NTFS
|
GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information.
SmartLine DeviceLock before 5.73 Build 305 does
DeviceLock
|
SmartLine
|
before
|
SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information.
Easy File Sharing (EFS) Web Server 4.0, when ru
Sharing
|
File
|
Easy
|
Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.
Easy File Sharing (EFS) Easy Address Book 1.2,
Sharing
|
File
|
Easy
|
Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
The NTFS filesystem code in Linux kernel 2.6.x
filesystem
|
kernel
|
Linux
|
NTFS
|
code
|
26x
|
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
The fsmsh.dll host module in F-Secure Policy Ma
F-Secure
|
fsmshdll
|
Manager
|
Server
|
Policy
|
module
|
host
|
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
** DISPUTED ** Guidance Software EnCase does n
Software
|
properly
|
DISPUTED
|
Guidance
|
handle
|
EnCase
|
does
|
not
|
** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own.
icat in Brian Carrier The Sleuth Kit (TSK) befo
Carrier
|
Sleuth
|
Brian
|
icat
|
Kit
|
icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.
icat in Brian Carrier The Sleuth Kit (TSK) befo
Carrier
|
Sleuth
|
Brian
|
icat
|
Kit
|
icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
The fs_data_put_str function in ntfs.c in fls i
fs_data_put_str
|
function
|
Carrier
|
Sleuth
|
Brian
|
ntfsc
|
Kit
|
fls
|
The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.
Brian Carrier The Sleuth Kit (TSK) before 2.09
Carrier
|
Sleuth
|
Brian
|
Kit
|
Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.
ntfs.c in fsstat in Brian Carrier The Sleuth Ki
Carrier
|
fsstat
|
Sleuth
|
ntfsc
|
Brian
|
Kit
|
ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
Software vulnerabilities results 1 to 20 of 26
Page:
1
2
►