Improper Handling of Apple HFS+ Alternate Data Stream Path

Incomplete Variant
Structure: Simple
Description

This vulnerability occurs when software fails to correctly process HFS+ file system paths that point to alternate data streams, such as a file's data or resource fork.

Extended Description

When an application makes security or logic decisions based solely on a file's main path, an attacker can bypass these controls by specifying an alternate stream path instead. For example, a validation check that allows '/safe/file.txt' might also unintentionally allow '/safe/file.txt/..namedfork/data', granting access to the same file through a different channel. This can lead to two primary risks. First, access restrictions can be circumvented if the software doesn't recognize that the alternate stream path refers to the same underlying file. Second, if the application performs different actions based on file extensions or names, feeding it a resource fork path could trigger unexpected and potentially dangerous behavior, as the code is now interacting with a different part of the file than intended.

Common Consequences 1
Scope: Confidentiality, Integrity

Impact: Read Files or Directories; Modify Files or Directories

Demonstrative Examples 1
A web server that interprets FILE.cgi as processing instructions could disclose the source code for FILE.cgi by requesting FILE.cgi/..namedfork/data. This might occur because the web server invokes the default handler, which may return the contents of the file.
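The following is an added example, not part of the original entry or of any real server's code. It contrasts a handler choice made on the textual suffix alone with one that rejects fork-selector components first. The handler names, the sample paths, the percent-decoding step and the case-insensitive comparison are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Fork selector component taken from the entry's example path.
FORK_COMPONENT = "..namedfork"

def weak_dispatch(request_path: str) -> str:
    """Choose a handler from the textual suffix only (the flawed pattern)."""
    if request_path.lower().endswith(".cgi"):
        return "execute_cgi"
    return "serve_static"  # default handler returns the file contents

def has_fork_selector(request_path: str) -> bool:
    """True if any component of the decoded path is a fork selector.

    Assumption: the comparison is case-insensitive as a conservative choice,
    and the path is percent-decoded once before it is inspected.
    """
    decoded = unquote(request_path).replace("\\", "/")
    return any(part.lower() == FORK_COMPONENT for part in decoded.split("/"))

def hardened_dispatch(request_path: str) -> str:
    """Reject fork-selector paths before any extension or access decision."""
    if has_fork_selector(request_path):
        return "reject"
    return weak_dispatch(posixpath.normpath(unquote(request_path)))

# Constructed sample request paths, not taken from any real log.
SAMPLES = [
    "/cgi-bin/FILE.cgi",
    "/cgi-bin/FILE.cgi/..namedfork/data",
    "/cgi-bin/FILE.cgi/%2E%2Enamedfork/data",
    "/docs/index.html",
]

def compare(paths):
    """Return (path, weak decision, hardened decision) for each sample."""
    return [(p, weak_dispatch(p), hardened_dispatch(p)) for p in paths]

if __name__ == "__main__":
    for path, weak, hardened in compare(SAMPLES):
        print(f"{path:45} weak={weak:13} hardened={hardened}")
```

Rejecting the request outright avoids having to decide which fork the caller "meant"; the same check belongs in front of any allow-list or access-control comparison on the path, not only the handler selection.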
Observed Examples 1
CVE-2004-1084: Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.
References 1
[REF-578] NetSec. "NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+". BugTraq. 16-02-2005.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Functional Areas
  1. File Processing
Affected Resources
  1. File or Directory
Notes
Theoretical: This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.
Research Gap: Under-studied