Path Equivalence: Windows 8.3 Filename

Incomplete Variant

Structure: Simple

Description

The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.

Extended Description

On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.

Common Consequences 1

Scope: ConfidentialityIntegrity

Impact: Read Files or DirectoriesModify Files or Directories

Potential Mitigations 1

Phase: System Configuration

Disable Windows from supporting 8.3 filenames by editing the Windows registry. Preventing 8.3 filenames will not remove previously generated 8.3 filenames.

Observed Examples 3

CVE-1999-0012Multiple web servers allow restriction bypass using 8.3 names instead of long names

CVE-2001-0795Source code disclosure using 8.3 file name.

CVE-2005-0471Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.

References 2

Writing Secure Code

Michael Howard and David LeBlanc

Microsoft Press

04-12-2002

https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223

ID: REF-7

The Art of Software Security Assessment

Mark Dowd, John McDonald, and Justin Schuh

Addison Wesley

2006

ID: REF-62

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Functional Areas

File Processing

Affected Resources

File or Directory

Related Weaknesses

ChildOf:

Improper Resolution of Path Equivalence (CWE-41)

Taxonomy Mapping

PLOVER
Software Fault Patterns

Notes

Research GapProbably under-studied.