=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Ср, 03 ноя 1999  06:47:11

   От: Microsoft Product Security Response Team <secure@MICROSOFT.COM>

 Кому: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

 Тема: Re: SCSI port device is backdoor to disk access

--------------------------------------------------------------------------------




Hi All -



We did an investigation of this issue and, while it does reproduce in some

cases, it's not a Windows NT issue.  The problem lies in the security of the

third-party SCSI drivers.  Regards,



Secure@microsoft.com



>

> -----Original Message-----

> From: Eric Gisin [mailto:ericg@TECHIE.COM]

> Sent: Monday, November 01, 1999 9:44 AM

> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

> Subject: SCSI port device is backdoor to disk access

>

>

> Windows NT restricts fixed disk access to Administrators.

> These are the

> \\.\PhysicalDrive# and \\.\X: devices. However, there are

> SCSI port devices

> that are not restricted, the \\.\SCSI#: devices.

>

> I noticed that ASPI based benchmarks could be run by anyone.

> ASPI opens the

> SCSI device and can do disk IO using SCSI commands. Examples

> are Adaptec

> SCSI Bench and asbnch32 from www.winimage.com. The latter

> includes source,

> which could be modified to edit disks.

>

> Note that fixing the SCSI device permissions will disable all

> CD burning

> software and other ASPI utilities for non admins. Oh, EIDE

> drives can also

> be accessed through the ATAPI miniport.

>