Microsoft cd .. Bug

If a Samba client attaches to a file system share on a Windows NT machine (versions 3.5 and 3.51) and executes a cd .. command from the root directory of the share, the server suffers a kernel exception (STOP 0x0000001E). Depending on the configuration of the machine, it may reboot automatically or require manual intervention. If the share is on a Windows 95 machine, this bug allows anyone to gain access to the entire hard drive.

Fix: This vulnerability is documented in Microsoft Knowledge Base article number Q140818, last revision dated March 15, 1996. The resolution is to install the latest service pack for Windows NT version 3.51. The patch is included in Service Pack 4 or 5. Windows NT 3.5 is also vulnerable to this problem, and the only fix is to upgrade to version 3.51 (with Service Pack 4 or 5) or version 4.0.

See: STOP Message: After "DIR ..\" is Issued from a Samba Client
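
The request described above is a parent-directory step taken while already at the share root. The following is an added example, not code from Microsoft or Samba, of the containment check a file server needs for such a request; the names resolve_in_share and ShareEscape are hypothetical, and the page does not describe how the NT or Windows 95 server handled the path internally.

```python
class ShareEscape(ValueError):
    """A request path tried to climb above the share root."""


def resolve_in_share(cwd, request):
    """Resolve a client path against cwd, both relative to the share root.

    cwd is a list of directory names below the root ([] is the root itself).
    Returns the new list of components, or raises ShareEscape.
    """
    # SMB paths use backslashes; a Samba user may type forward slashes.
    parts = request.replace("/", "\\").split("\\")
    # A leading separator restarts resolution at the share root.
    stack = [] if request[:1] in ("\\", "/") else list(cwd)
    for part in parts:
        if part in ("", "."):
            continue  # doubled or trailing separator, or current directory
        if part == "..":
            if not stack:
                # This is the "cd .." from the share root: refuse it
                # instead of passing it on to the file system.
                raise ShareEscape("'..' at share root in %r" % request)
            stack.pop()
        elif part.strip(" .") == "":
            # Conservative assumption: names made only of dots and spaces
            # ("...", ".. ") are refused rather than interpreted.
            raise ShareEscape("ambiguous component %r" % part)
        else:
            stack.append(part)
    return stack


def check(cwd, request):
    """Return the resolved components, or the string 'REFUSED'."""
    try:
        return resolve_in_share(cwd, request)
    except ShareEscape:
        return "REFUSED"


if __name__ == "__main__":
    # Constructed sample requests as (current directory, path sent by client).
    samples = [([], "docs\\reports"), (["docs"], ".."), ([], ".."),
               ([], "..\\"), (["docs"], "../../"), ([], "...")]
    for cwd, req in samples:
        print(cwd, repr(req), "->", check(cwd, req))
```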