[Am-info] Multiple Vendor NTFS File Wipe Vulnerability
Fred A. Miller
fm@cupserv.org
Mon, 28 Jan 2002 14:19:59 -0500
Multiple Vendor NTFS File Wipe Vulnerability

BugTraq ID: 3912
Remote: No
Date Published: Jan 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3912

Summary:

Under some circumstances, many Windows-based file cleaning utilities do
not properly wipe data from NTFS file systems. NTFS is supported in
Windows XP/NT/2000 operating systems.

Files in NTFS consist of multiple data streams. Alternate Data Streams
(ADS) may be used to store additional data in the same way a standard
data stream does. One of the attributes of Alternate Data Streams is
that the data is hidden from the user.

Data contained in Alternate Data Streams may not be properly removed
using many Windows file-wiping utilities (such as BCWipe, Eraser,
SecureClean, East-Tec Eraser 2000, PGP). For example, if a file-wiping
utility is used to delete a normal file then the Alternate Data Stream
attached to that file will remain intact.

One possible consequence of this issue is that a user will not be able
to use the standard methods to remove potentially malicious data from
their system.

It is important to note that this vulnerability does not affect
file-wiping utilities on older Microsoft Windows operating systems that
do not provide support for the NTFS file system, such as Windows 9x/ME.
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
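An added example, not part of the advisory or of any vendor's tool: a PowerShell audit that lists the named streams attached to files, so an administrator can see what a wipe that only rewrites the default stream would leave behind. The function name Get-AlternateStream, the scratch directory, the file name and the stream name "notes" are all constructed for illustration; it assumes Windows PowerShell 3.0 or later, an NTFS volume, and covers files only (not streams attached to directories).

```powershell
# Added example: audit files for NTFS alternate data streams (ADS).
# Assumes Windows PowerShell 3.0+ and an NTFS volume; all names are illustrative.

function Get-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed default stream; every other entry is an ADS.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                    }
                }
        }
}

# --- Constructed demo in a scratch directory (assumes $env:TEMP is on NTFS) ---
$dir  = Join-Path $env:TEMP 'ads-audit-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $file -Value 'visible contents'
Set-Content -LiteralPath $file -Stream 'notes' -Value 'data held in an alternate stream'

# Stand-in for a wipe pass that overwrites only the default stream, in place.
$fs = [System.IO.File]::OpenWrite($file)
try {
    $zeros = New-Object byte[] ([int]$fs.Length)
    $fs.Write($zeros, 0, $zeros.Length)
} finally {
    $fs.Dispose()
}

# Audit after the pass: list any named streams still attached, then read one back.
Get-AlternateStream -Path $dir | Format-Table -AutoSize
Get-Content -LiteralPath $file -Stream 'notes'

# Clean up the scratch directory.
Remove-Item -LiteralPath $dir -Recurse -Force
```

Running the audit before invoking a wiping utility shows which files carry extra streams that the utility must also overwrite.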