
NTFS File Wiping Vulnerability in Multiple Systems


Published: 2002-01-24
Updated: 2002-01-24
Severity:
Threat level: Other
Bug type: Design error
Exploitation vector: Server mode

BUGTRAQ ID:3912

Affected systems
AccessData SecureClean v3 build-2.0
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
East-Tec Eraser 2000
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Eraser Eraser 5.3
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Jetico BCWipe 1.07
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.08b
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.0
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.13
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.16
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.28
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.28.3
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.28.4
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.28.7
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.33
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.35
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Jetico BCWipe 2.35.1
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Network Associates PGP 6.0.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
Network Associates PGP 6.5.3
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
Network Associates PGP 6.5.8
   - HP HP-UX 10.0
   - IBM AIX 4.3
   - Linux kernel 2.3
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
   - RedHat Linux 7.0
   - Sun Solaris 8.0
Network Associates PGP 7.0
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Network Associates PGP 7.0.3
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
Network Associates PGP 7.0.4
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
Network Associates PGP 7.1.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Network Associates PGP Freeware 7.0.3
   - Apple MacOS 9.0
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95 SR2
   - Microsoft Windows 98
   - Microsoft Windows 98 b
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Detailed description
Under some conditions, several Windows-based file-wiping tools do not correctly erase data from the NTFS file system, the file system supported by Windows XP/NT/2000.

Data held in alternate data streams is not correctly removed by a number of Windows file-wiping tools (BCWipe, Eraser, SecureClean, East-Tec Eraser 2000, PGP). When such a tool is used to wipe an ordinary file that has an alternate data stream attached, the data in that stream is not actually erased.

Test code
Create a file with an alternate data stream as follows:

echo "this is a text file" > C:\file.txt
echo "this is the alternate data stream lkajhkl2" > C:\file.txt:alternate-data-stream

Delete the file with a wiping tool; the data can still be found by searching for "this is the alternate data stream lkajhkl2". On Linux the search can be done as follows:

dd if=/dev/hdb1 of=windows-disk.img
grep "this is the alternate data stream lkajhkl2" windows-disk.img
or
strings windows-disk.img > windows-disk.strings
grep "this is the alternate data stream lkajhkl2" windows-disk.strings

The corresponding data is easily located.

Solution
Workarounds:

1. Avoid using alternate data streams where possible.
2. Use the "wipe free space" function of the file-wiping tool to wipe free space immediately after deleting.
3. Encrypt sensitive data, for example with PGPDisk or Jetico's BestCrypt, so that even after deletion any leftover temporary data remains in encrypted form.
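The root cause above is that the wipers overwrite only the unnamed main stream. The following added example (not code from the advisory or from any of the listed vendors) shows a wiper that enumerates every named $DATA stream of a file with the Win32 FindFirstStreamW/FindNextStreamW API and overwrites each stream in place before unlinking, so the "lkajhkl2" marker cannot survive in free space. Stream enumeration is Windows-only; the stream-name parser and the in-place overwrite are portable, and the WIN32_FIND_STREAM_DATA buffer size (MAX_PATH + 36) is taken from the Windows SDK definition.

```python
import ctypes
import os
import sys

# Layout of WIN32_FIND_STREAM_DATA as documented for FindFirstStreamW.
class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (260 + 36))]

def parse_stream_name(raw):
    """':alternate-data-stream:$DATA' -> 'alternate-data-stream'; '::$DATA' -> ''."""
    if raw.startswith(":"):
        raw = raw[1:]
    name, _sep, _type = raw.partition(":")
    return name

def list_streams(path):
    """Return [(name, size)] for every named $DATA stream of `path` (Windows only)."""
    if sys.platform != "win32":
        raise OSError("alternate data streams are an NTFS/Windows feature")
    k32 = ctypes.windll.kernel32
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = FindStreamInfoStandard
    if handle is None or handle == ctypes.c_void_p(-1).value:      # INVALID_HANDLE_VALUE
        return []
    streams = []
    try:
        while True:
            name = parse_stream_name(data.cStreamName)
            if name:                      # skip the unnamed main stream "::$DATA"
                streams.append((name, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return streams

def overwrite_in_place(path):
    """Overwrite every byte of `path` (a file or a 'file:stream' path) with zeros; returns the byte count."""
    with open(path, "r+b") as f:
        f.seek(0, os.SEEK_END)
        size = f.tell()
        f.seek(0)
        f.write(b"\x00" * size)
        f.flush()
        os.fsync(f.fileno())
    return size

def wipe_file_with_streams(path):
    """Overwrite the main stream and each named stream, then unlink the file."""
    wiped = [("", overwrite_in_place(path))]
    for name, _size in list_streams(path):       # e.g. C:\file.txt:alternate-data-stream
        wiped.append((name, overwrite_in_place(f"{path}:{name}")))
    os.remove(path)
    return wiped
```

A single zero pass only addresses the stream-visibility defect described here; the wiper's own multi-pass pattern should be applied to each stream path in the same loop.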

Related information
Reference: http://www.securityfocus.com/archive/1/251565

Related pages:
[url1] http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prkc_fil_xurt.asp - Multiple data streams
[url2] http://support.microsoft.com/defaul