  1. #1

    Gatt

    SECURITY ALERT!!! Adobe CS3 - Home Folder Share Browsing

    Argh!!

    Just found a glaringly big security hole in Adobe CS3..

    Open Dreamweaver (or Flash, etc.) and then File - Open..

    Using the "Up" icon you can go all the way up the share tree

    E.g.: Pupil1 is mapped to H: drive using \\server\pupils\year xx\pupil1

    Using the "Up" icon in the Open dialog you can go all the way up to \\server\

    But wait, there's more..

    Pupil can then go back down the tree into \\server\pupils\year yy\pupil3 and delete files & folders

    Looks like same problem as Office 2003 had..

    Can't find any mention from a quick Google, so wondering if anyone here has come across this and/or a solution

  2. #2

    elsiegee40
    Quote Originally Posted by Gatt View Post
    Argh!!

    Pupil can then go back down the tree into \\server\pupils\year yy\pupil3 and delete files & folders
    Surely this should be prevented by permissions?

    A pupil here has read permissions on the folder containing all the home drives, but these are not inherited and so the pupil can go no further as they have modify on their home folder, but no more.

  3. #3
    DMcCoy
    Quote Originally Posted by Gatt View Post
    Argh!!

    Just found a glaringly big security hole in Adobe CS3..

    Open Dreamweaver (or Flash, etc.) and then File - Open..

    Using the "Up" icon you can go all the way up the share tree

    E.g.: Pupil1 is mapped to H: drive using \\server\pupils\year xx\pupil1

    Using the "Up" icon in the Open dialog you can go all the way up to \\server\

    But wait, there's more..

    Pupil can then go back down the tree into \\server\pupils\year yy\pupil3 and delete files & folders

    Looks like same problem as Office 2003 had..

    Can't find any mention from a quick Google, so wondering if anyone here has come across this and/or a solution
    Then the permissions are wrong. I'd suggest you install and enable access-based enumeration, but that's not going to do anything while the students have permissions over another student's folder.

    Students will only need read/traverse for "This folder only" for those folders between the share root and their folder. Then they only need permissions on their own folder.

    It's not a security issue in CS3 or any other app. Correct permissions and access-based enumeration turned on will mean the server doesn't even show the other users' folders.

  4. #4

    AngryTechnician
    I assume you have My Documents redirection to point to their H: drive. Does the policy actually redirect to the drive letter H:, or to the equivalent UNC path that the H: drive also happens to be mapped to?

    I also assume there is a reason you haven't simply applied security permissions on the folder hierarchy so they can't browse to it?

  5. #5

    Gatt
    Have checked permissions - all folders only have Read & Execute, List & Read set (inherited) and individual pupils only have FC access to their OWN folder

    My GPO also denies them the rights to browse the network manually (typing the path into explorer brings back a disallowed error)

    Still looking...

  6. #6

    FN-GM
    Quote Originally Posted by Gatt View Post
    Have checked permissions - all folders only have Read & Execute, List & Read set (inherited) and individual pupils only have FC access to their OWN folder

    My GPO also denies them the rights to browse the network manually (typing the path into explorer brings back a disallowed error)

    Still looking...
    Seems OK here.... We have also hidden all our shares so they can't do anything when they get to server level.

  7. #7
    DMcCoy
    Quote Originally Posted by Gatt View Post
    Have checked permissions - all folders only have Read & Execute, List & Read set (inherited) and individual pupils only have FC access to their OWN folder

    My GPO also denies them the rights to browse the network manually (typing the path into explorer brings back a disallowed error)

    Still looking...
    The GPO settings only affect Explorer and applications that use it; anything using its own file menus will be unrestricted. It's more for convenience than security.

    What do the permissions show for the user that can get into the other folders? Is the file actually deleted, or does it just say it's deleted and then come back after a refresh?

    You can use the effective permission tab under security to see what a user will get on that folder.
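One way to answer DMcCoy's question across every home folder at once, as an added example that is not from the thread: a PowerShell audit that lists each ACE on a pupil's folder that is neither the pupil's own account nor an expected staff or system identity. The domain name, group names and the root-year-pupil folder layout are assumptions.

```powershell
# Added example, not from the thread: reports every ACE on each pupil home folder that
# is not the pupil's own account or one of the expected staff/system identities, which is
# where a stray NETWORK or year-group entry would show up. Names below are assumptions.
$Domain   = 'EXAMPLE'                 # assumed NetBIOS domain name
$Root     = '\\server\pupils'         # share root from the thread
$Expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
              "$Domain\StaffLocal", "$Domain\StaffStudWriteLocal")   # assumed group names

function Get-StrayHomeAces {
    param([string]$HomeRoot, [string]$Domain, [string[]]$ExpectedIdentities)
    # Layout assumed from the thread: <root>\<year group>\<pupil account name>
    foreach ($year in Get-ChildItem -Path $HomeRoot -Directory) {
        foreach ($home in Get-ChildItem -Path $year.FullName -Directory) {
            $owner = "$Domain\$($home.Name)"   # assumption: folder name = account name
            foreach ($ace in (Get-Acl -Path $home.FullName).Access) {
                $id = $ace.IdentityReference.Value
                if ($id -eq $owner -or $ExpectedIdentities -contains $id) { continue }
                [pscustomobject]@{
                    Folder    = $home.FullName
                    Identity  = $id
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType
                    Inherited = $ace.IsInherited   # inherited = the problem is higher up the tree
                }
            }
        }
    }
}

Get-StrayHomeAces -HomeRoot $Root -Domain $Domain -ExpectedIdentities $Expected |
    Sort-Object Folder | Format-Table -AutoSize
```

An inherited entry for a group such as StudentLocal or NETWORK points at the year-group or share-root folder rather than the pupil's folder itself.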

  8. #8
    apeo
    No problems here, students have access to any other folder than their own. Looks like you have a permissions-related problem.

  9. #9
    MrLudwig
    I've had this as well. Here it did it under both Office 2007 and FreeMind.

    After some poking around in the NTFS permissions I removed the NETWORK account from the student folder permissions which solved it.

    I don't understand why these apps are using the NETWORK account, and it may be there is a good reason, but from my limited understanding, I'm not aware of any.

  10. Thanks to MrLudwig from:

    Gatt (23rd January 2009)

  11. #10
    Zimmer
    Indeed I agree with DMcCoy...

    Installing Access Based Enumeration on the file servers is a very good idea - We use it on ALL of our servers for that little extra bit of security from snooping students.

    Personally though I would look at sitting down and spending a while checking all your NT security permissions and share permissions.

    Also, $ all your shares if you don't already do so.

  12. #11

    Quote Originally Posted by Gatt View Post
    Pupil can then go back down the tree into \\server\pupils\year yy\pupil3 and delete files & folders
    As others have said, your security permissions are clearly not tight enough.

    Assuming you use the following example groups, further down is what I suggest permissions should be like:
    StaffLocal - staff members
    StaffStudWriteLocal - used for staff members that need write permissions to student home folders
    StudentLocal - student accounts
    StudentYearXLocal - relevant year group for student accounts

    RootOfShare$ > Perms: StaffLocal = Read, StaffStudWriteLocal = Read,
    |                     StudentLocal = Traverse (under advanced)
    |
    |-- YrGrp > Perms: StaffLocal = Read,
        |              StaffStudWriteLocal = Read,
        |              StudentLocal = Traverse
        |
        |-- StudentName > Perms: StaffLocal = Read,
                                 StaffStudWriteLocal = Write,
                                 StudentUser = Modify

    Also, as suggested above, do install Access Based Enumeration - this will result in users only being able to see files and folders that they have access to.
    You will notice I suggested "Modify" permissions for student accounts. This is specifically so that they cannot possibly have the "Take ownership" right on objects within their home folder. When we find something untoward in a student's home folder, e.g. a pornographic picture, we set a deny permission entry on it and only delete it after disciplinary steps (if needed) are done. The downside is that setting Modify instead of Full Control means empty .TMP files will be created in the root of the student's home folder. These are hidden files of 0 KB in size and Microsoft says you can safely ignore them. As they are hidden, our students don't know they are there.
    Last edited by Tamarside; 26th January 2009 at 10:12 AM. Reason: Added dots to replace the spaces the forum stripped away, as by stripping away the spaces it RUINED my lovely tree-view! ;-P

  13. Thanks to Tamarside from:

    Gatt (26th January 2009)
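The layout Tamarside sketches, applied with the built-in ACL cmdlets, as an added example that is not from the thread or any poster. The domain name, the local path behind the hidden share and the rule that a pupil's folder is named after their account are assumptions; the SYSTEM and Administrators entries are not in the tree above but are added so backups and admin work keep working.

```powershell
# Added example, not from the thread: applies the home-folder layout Tamarside sketches
# with the built-in ACL cmdlets. Domain, path and group names are assumed placeholders.
$Domain = 'EXAMPLE'                    # assumed NetBIOS domain name
$Root   = 'D:\Shares\RootOfShare$'     # assumed local path behind the hidden share

function New-Ace {
    param([string]$Identity, [System.Security.AccessControl.FileSystemRights]$Rights, [bool]$Inherit)
    # "This folder only" when $Inherit is $false; folder, subfolders and files otherwise
    $flags = if ($Inherit) { 'ContainerInherit, ObjectInherit' } else { 'None' }
    New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, $flags, 'None', 'Allow')
}

function Set-FolderAcl {
    param([string]$Path, [System.Security.AccessControl.FileSystemAccessRule[]]$Aces)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and drop what was there: every level is explicit,
    # so nothing granted at the share root leaks down into the pupils' folders.
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    # Not in the thread's tree: SYSTEM and Administrators still need access for backups and admin work
    $acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl' $true))
    $acl.AddAccessRule((New-Ace 'BUILTIN\Administrators' 'FullControl' $true))
    foreach ($ace in $Aces) { $acl.AddAccessRule($ace) }
    Set-Acl -Path $Path -AclObject $acl
}

# Share root and year-group folders: staff may read, pupils may only pass through (this folder only)
$passThrough = @(
    (New-Ace "$Domain\StaffLocal"          'Read'     $false),
    (New-Ace "$Domain\StaffStudWriteLocal" 'Read'     $false),
    (New-Ace "$Domain\StudentLocal"        'Traverse' $false)
)
Set-FolderAcl -Path $Root -Aces $passThrough
foreach ($year in Get-ChildItem -Path $Root -Directory) {
    Set-FolderAcl -Path $year.FullName -Aces $passThrough
    foreach ($home in Get-ChildItem -Path $year.FullName -Directory) {
        # Assumption: the folder name is the pupil's account name.
        # Modify rather than Full Control, so the pupil cannot take ownership of,
        # or change the permissions on, something staff have locked with a Deny entry.
        Set-FolderAcl -Path $home.FullName -Aces @(
            (New-Ace "$Domain\StaffLocal"          'Read'   $true),
            (New-Ace "$Domain\StaffStudWriteLocal" 'Write'  $true),
            (New-Ace "$Domain\$($home.Name)"       'Modify' $true)
        )
    }
}
```

Run it from an elevated prompt on the file server; it only touches the three folder levels in the tree, not files already inside the pupils' folders.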

  14. #12

    Geoff
    You'll find the 'AccessChk', 'ShareEnum' and 'AccessEnum' tools from Sysinternals useful for auditing for this sort of problem.

    Sysinternals Security Utilities

  15. 2 Thanks to Geoff:

    Gatt (26th January 2009), OutToLunch (26th January 2009)

  16. #13

    Gatt
    Thanks guys - will take a look later today

  17. #14

    ShareEnum looks handy. For checking file permissions etc I find the output of DumpSec from SystemTools (free) a bit more easily readable/laid out, even if the app is looking a bit dated now.

    Free Utilities from SystemTools Software

    Few other handy freebies there that are worth checking out too.
