T 4.81 Extended rights due to program dialogues on terminal servers
Secure terminal server configurations usually restrict access: only the applications listed in a positive list (white list) are offered to the user and may be started, and access to the full desktop, with its many ways of starting and interacting with applications, is normally prevented. Frequently, however, program dialogues within the approved applications can be used to start additional applications and to extend read and write permissions.
Unauthorised file accesses
Dialogues for opening and saving files are particularly exposed points of attack, as they can be used to gain access to unprotected directories and drives of the terminal server. For example, without specific precautions, users of Windows-based solutions are able to access the normally hidden drive M, which contains the operating system. On Unix-based solutions, all resources within a directory tree can likewise be accessed if no corresponding rights concept is in place. Even supposedly harmless dialogues such as help functions or printer dialogues may contain menu items that make it possible to spy out the terminal server.
Directory Traversal
Directory traversal may be used to move to parent folders. The usual buttons for navigating the directory structure can be used for this, for example. If the system administrator has disabled these buttons, the protection can be undermined by directly entering character strings such as "../" on Unix systems or "..\" on Windows.
Uniform Resource Identifier
Uniform Resource Identifiers (URIs) identify virtual and physical resources and, in doing so, link local files or files provided on a server to locally installed applications. If a URI is clicked, the respective file is opened with the application defined for it. This way, the user can directly access a file whose directory is otherwise inaccessible to them. The user does not need to know the directory in which the defined application resides, which is why the user may be able to reach applications he/she must not access.
In addition to the URI schemes http:// and ftp:// originally defined for browsers, there are now numerous further schemes, whose use is no longer restricted to dialogues in internet applications. A current overview is maintained by the Internet Assigned Numbers Authority (IANA) in accordance with RFC 4395. Moreover, some programs register their own URI schemes, which are not yet part of any standard.
Examples of further commonly registered URIs include:
- file://
  Allows access to the local file system
- tftp://
  Trivial File Transfer Protocol; allows embedded systems such as routers, printers, etc. to access files, where applicable
- mailto://
  Starts the email program registered as default in the system
- telnet://
  Starts the Telnet application
- nfs://
  Network File System Protocol; access to NFS file servers
- skype://, callto://
  Link to voice-over-IP applications
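The two mechanisms described above, traversal strings entered into a file dialogue and URIs that hand a file to another application, can both be checked with one defender-side routine: normalise the requested path and confirm it stays under the directory the published application is allowed to use, and accept URIs only from a positive list of schemes. The following Python is an added example and not part of the IT-Grundschutz catalogue; the allowed root directories, the allowed scheme list and the sample inputs are constructed for illustration. It uses posixpath and ntpath explicitly so the Unix ("../") and Windows ("..\") cases can both be exercised on any host.

```python
"""
Added example (not from the catalogue): confine file-dialogue paths to an
allowed root and apply a positive list to URI schemes on a terminal server.
The roots, scheme list and inputs below are constructed values.
"""
import ntpath
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed positive list of URI schemes the published application may open.
ALLOWED_SCHEMES = {"http", "https", "ftp"}


def is_within_root(requested, root, windows=False):
    """
    Return True if `requested` (absolute, or relative to `root`) still lies
    inside `root` after percent-decoding and path normalisation.

    Rejects "../" and "..\\" sequences, percent-encoded dots, absolute paths
    on other drives (e.g. the hidden drive M) and UNC paths, because all of
    them resolve to a location outside `root`.
    """
    mod = ntpath if windows else posixpath
    root_n = mod.normpath(root)
    req = unquote(requested)  # decode exactly once; double decoding is a known bypass
    # Treat the other platform's separator as a separator too, so a string
    # crafted for one platform cannot slip past the other platform's check.
    req = req.replace("/", "\\") if windows else req.replace("\\", "/")
    if not mod.isabs(req):
        req = mod.join(root_n, req)
    full = mod.normpath(req)  # collapses "." and ".." segments
    if windows:  # Windows paths are case-insensitive
        full, root_n = full.lower(), root_n.lower()
    prefix = root_n.rstrip(mod.sep) + mod.sep  # "/home/alice/" so "/home/alicexyz" does not match
    return full == root_n or full.startswith(prefix)


def classify_uri(uri, root, windows=False):
    """
    Decide whether a URI clicked inside a published application may be
    followed. Returns ("allow", reason) or ("deny", reason).

    Unknown, vendor-registered and unlisted schemes are denied (positive
    list); file:// is allowed only for a local path inside `root`.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if not scheme:
        return ("deny", "no scheme")
    if scheme == "file":
        if parts.netloc and parts.netloc.lower() != "localhost":
            return ("deny", "file URI points at a remote host: " + parts.netloc)
        path = parts.path
        # file:///C:/dir/x yields "/C:/dir/x"; drop the leading slash for drive paths
        if windows and len(path) > 2 and path[0] == "/" and path[2] == ":":
            path = path[1:]
        if is_within_root(path, root, windows):
            return ("allow", "local file inside allowed root")
        return ("deny", "local file outside allowed root: " + path)
    if scheme in ALLOWED_SCHEMES:
        return ("allow", "scheme on positive list")
    return ("deny", "scheme not on positive list: " + scheme)


if __name__ == "__main__":
    # Constructed sample inputs, as they might come out of an open/save dialogue.
    unix_root, win_root = "/home/alice", "C:\\Users\\alice"
    for req in ["docs/report.txt", "../../etc/passwd", "%2e%2e/%2e%2e/etc/shadow"]:
        print(f"unix    {req!r:32} -> {is_within_root(req, unix_root)}")
    for req in ["Documents\\notes.txt", "..\\..\\Windows\\System32\\cmd.exe", "M:\\"]:
        print(f"windows {req!r:32} -> {is_within_root(req, win_root, windows=True)}")
    for uri in ["https://intranet.example/doc", "telnet://gateway.example",
                "mailto:someone@example.com", "file:///home/alice/docs/a.txt",
                "file:///etc/passwd"]:
        print(f"uri     {uri!r:32} -> {classify_uri(uri, unix_root)}")
```

The check deliberately decodes percent-encoding only once and normalises before comparing, because comparing the raw string against a prefix is exactly what "../" and "%2e%2e" are designed to defeat; on Windows the comparison is also case-insensitive, and any absolute path on a drive other than the root's is rejected, which covers the hidden system drive mentioned above.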