| VID |
28310 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A user with the "Back up files and directories" privilege is detected. This privilege is normally granted only to Administrators and Backup Operators, and can be used to read any file or registry key, regardless of permissions. Under NTFS, an Access Control List (ACL) controls each user's rights to system resources. Windows NT Backup will usually not back up drives, volumes, directories or files to which you do not have access privileges, because the application inherits your ACL restrictions at runtime. The exception is when you have the "Back up files and directories" right: with it, you are able to back up and restore drives, directories, and files to which you would otherwise not have access.
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References:
  http://support.microsoft.com/default.aspx?scid=kb;[LN];104221
  http://hq.mcafeeasap.com/vulnerabilities/vuln_data/23000.asp
  http://www.statonline.com/technologies/sec_articles/rights.asp
* Platforms Affected: Windows (any version) |
| Recommendation |
Check user rights for Back up files and directories, and remove any names disallowed by your security policy.
To audit and revoke this privilege:
For Windows NT:
1. Open User Manager (from the Windows NT Start menu, select Programs, Administrative Tools (Common), and User Manager).
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. From the Right list, select Back up files and directories.
4. Verify this right is set in accordance with your administration policy.
5. To remove a user, select the user and click Remove.
For a Windows 2000 domain:
1. Start Microsoft Management Console (mmc). From the Windows Start menu, select Run, type mmc, and click OK.
2. Add the Group Policy snap-in.
3. Browse Group Policy Objects.
4. Select the Domain Policy of interest.
5. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment, and Back up files and directories.
6. Set the user right to the desired setting according to your administration policy.
For a stand-alone Windows 2000 computer:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is the local computer by default.
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment, and Back up files and directories.
3. Set the user right to the desired setting according to your administration policy.
For a Windows XP, 2003, 7, 2008, 8, 2012, 10, 2016, or 2019 computer:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is the local computer by default.
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment, and Back up files and directories.
3. Set the user right to the desired setting according to your administration policy. |
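One way to script the audit described above on a current Windows host, as an added example that is not part of the original advisory: it exports the User Rights Assignment area with `secedit`, reads the `SeBackupPrivilege` entry (the policy's internal name for "Back up files and directories") and flags holders outside an allow-list. The allow-list (Administrators and Backup Operators, per the description above), the function name and the temporary file name are assumptions; adjust them to your security policy.

```powershell
# Added example: audit holders of "Back up files and directories" (SeBackupPrivilege).
# Run from an elevated prompt; secedit needs administrative rights to export policy.

# Assumed allow-list: well-known SIDs of BUILTIN\Administrators and BUILTIN\Backup Operators.
$AllowedSids = @('S-1-5-32-544', 'S-1-5-32-551')

function Get-BackupPrivilegeHolder {
    # Parses the lines of a secedit export and returns one object per SeBackupPrivilege holder.
    param([Parameter(Mandatory)][string[]]$PolicyLines)
    $line = $PolicyLines | Where-Object { $_ -match '^\s*SeBackupPrivilege\s*=' } | Select-Object -First 1
    if (-not $line) { return @() }   # the right is assigned to nobody

    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs with a leading '*'
            $sid = $entry.TrimStart('*')
        } else {
            # Otherwise the entry is an account name; resolve it to a SID
            try {
                $sid = ([System.Security.Principal.NTAccount]$entry).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = $null }
        }
        $name = $entry
        if ($sid) {
            try {
                $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch { $name = $sid }   # orphaned SID: the account no longer exists
        }
        [pscustomobject]@{
            Name    = $name
            Sid     = $sid
            Allowed = [bool]($sid -and ($AllowedSids -contains $sid))
        }
    }
}

$export = Join-Path $env:TEMP 'user-rights.inf'   # hypothetical temporary file name
secedit /export /cfg $export /areas USER_RIGHTS /quiet | Out-Null
try {
    Get-BackupPrivilegeHolder -PolicyLines (Get-Content -Path $export) |
        Sort-Object Allowed | Format-Table -AutoSize
} finally {
    Remove-Item -Path $export -ErrorAction SilentlyContinue
}
```

Rows with `Allowed` set to `False` are the names to review against your security policy and remove using the steps for your Windows version.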
| Related URL |
CVE-1999-0534 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
250 (ISS) |
|