Title: NT RDISK Registry Enumeration File Vulnerability
Severity: LOW
Description:
The Rdisk utility shipped with all versions of Windows NT4.0 is used to make an Emergency Repair Disk. During the creation of this disk, a temporary file ($$hive$$.tmp) is created in the %systemroot%\repair directory that contains the registry hives while they are being backed up. The group Everyone has Read permission to this file, and in this manner sensitive information about the server could be leaked.
The file is put in a location that is not shared by default, and is removed immediately after the disk is created. The only likely scenario where this could be exploited is in the case of NT Terminal Server, where an administrator and a regular user could both be logged in interactively at the same time.
Affected Products:
- Microsoft Windows NT 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0
References:
- Arne Vidstrom: RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server
- Microsoft: Frequently Asked Questions: Microsoft Security Bulletin MS00-004
- Microsoft: Q156328: Description of Windows NT Emergency Repair Disk
- Microsoft: Q249108: Registry Data Is Viewable By All Users During Rdisk Repair Update
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
