• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows NTFS Incorrect Hard Link Auditing Vulnerability

It has been reported that the Windows 2000 auditing system fails to properly record filesystem events when hard links are involved. Allegedly, the auditing mechanism will log an event when a hard link is created but not specify precisely what occured (only a "ReadAttributes" on the file linked to is logged). There is no record of the link filename in the log. Furthermore, accesses of the file through the hard link will cause events to be logged that are associated with the link filename rather than the file linked to.