
Microsoft cd .. Bug
If a Samba client attaches to a file system share on a Windows NT machine
(versions 3.5 and 3.51) and executes a cd .. command from the root directory of the
share, the server hits a kernel exception (STOP 0x0000001E). Depending on the
configuration of the machine, it may reboot automatically or require manual
intervention. If the share is on a Windows 95 machine, this bug allows anyone to gain
access to the entire hard drive.
Fix: This vulnerability is documented in Microsoft Knowledge Base article number
Q140818, last revision dated March 15, 1996. The resolution is to install the
latest service pack for Windows NT version 3.51. The latest service pack to have
the patch is Service Pack 4 or 5. Windows NT 3.5 is also vulnerable to this
problem, and the only fix is to upgrade to version 3.51 (with Service Pack 4 or 5)
or version 4.0.
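
An added example, not Microsoft's fix and not code from the original advisory: one way a file server can resolve a client's cd argument relative to the share root and refuse any .. that would climb above it. The function names and the sample paths are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Apply path p to the share-relative directory in out (empty string = share
 * root). Returns 0, or -1 if a ".." would climb above the share root or the
 * result does not fit in outlen bytes. */
static int apply_path(const char *p, char *out, size_t outlen)
{
    while (*p) {
        size_t n = strcspn(p, "\\/");            /* length of next component */
        size_t len = strlen(out);
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == 0)
                return -1;                        /* "cd .." at the share root */
            char *sep = strrchr(out, '\\');
            if (sep) *sep = '\0'; else out[0] = '\0';   /* drop last component */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            if (len + n + 2 > outlen)
                return -1;
            if (len > 0) out[len++] = '\\';
            memcpy(out + len, p, n);
            out[len + n] = '\0';
        }
        p += n;
        if (*p) p++;                              /* skip the separator */
    }
    return 0;
}

/* Resolve req (the client's cd argument) against cwd, both relative to the
 * share root, into out. Returns 0 on success, -1 if it must be refused. */
int resolve_in_share(const char *cwd, const char *req, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    /* A leading separator means the share root, never the drive root. */
    if (req[0] != '\\' && req[0] != '/' && apply_path(cwd, out, outlen) < 0)
        return -1;
    return apply_path(req, out, outlen);
}

int main(void)
{
    char out[260];
    /* Constructed requests; the first is "cd .." issued at the share root. */
    printf("%d\n", resolve_in_share("", "..", out, sizeof out));
    printf("%d %s\n", resolve_in_share("docs\\old", "..\\new", out, sizeof out), out);
    return 0;
}
```

The server joins the returned share-relative path to the share's local directory only after this check succeeds, so a refused request never reaches the file system.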
See: