NT case insensitive filename problems
Summary	

Description:	]You can create trojan directories in all lowercase, which will in some cases be accessed before the Mixed case directories and files NT likes to create.	
Author:	Paul Ashton <paul@ARGO.DEMON.CO.UK>	
Compromise:	This has the potential to cause an administrator level compromise.	
Vulnerable Systems:	Windoze NT 4.0	
Date:	4 July 1997 	
Notes:	Paul Ashton also suggested the idea of creating a trojan parallel help directory, with hard links to all the original Help files, except one could call a special DLL to compromise NT. Also not that the POSIX subsystem doesn't need to be installed. You can create a files of the same name but different case by calling the Win32 function CreateFile() with the FILE_FLAG_POSIX_SAMANTICS flag specified (also noted by Paul Ashton).	

Details	

Date: Fri, 4 Jul 1997 19:09:58 +0100
From: Paul Ashton <paul@ARGO.DEMON.CO.UK>
To: NTBUGTRAQ@RC.ON.CA
Subject: Files with the same name

It appears to be very difficult to use NT without giving at least
ADD access to \WINNT.

The POSIX subsystem allows files and directories to exist with the
same name and different case, let's say Profiles and profiles.

The win32 subsystem appears to use the lower case version before
the mixed case one.
Therefore anybody can create a shadow directory of the real one
with trojan versions of the same files and have them used in
preference to the real one.

Solution? Change all your files and directories to lower case?
Don't allow anything more than read access to any shared directory?

Paul