|
Bugtraq
mailing list archives
Re: NT security et al (Dangers of NetBIOS/NBT?)
From: jacob () esisys com (Jacob Langseth)
Date: Fri, 27 Sep 1996 16:18:31 -0400
o Windows 3.11 has share bugs microsoft will never apparently fix,
whereby any share allows the whole disk to be accessed by using
a ../../.. type construct and the smbfs client code.
Well, there is actually a fix available for Windows 3.11. Take a look at
<http://www.microsoft.com/kb/peropsys/windows/q136418.htm>
While we're on the subject of NT network pet peeves (aka NetBios gotchas),
here's some more:
ppl can view full process lists from remote (via pview's connect feature)
(pview.exe is included w/ MSVC++).
ppl can read portions of the registry remotely (via regedt32.exe).
This can be REALLY BAD for NT workstations configured to use
auto-logon, as people usually forget to remove read permission
from the WinLogon entry (which keeps the auto-logon password
stored in cleartext).
ppl can read Application and Event logs remotely (w/ eventvwr.exe)
Is it just me, or is the entire principle of releasing this kind of information
(logs, processes, registry info), w/o explicit permission from the
administrator,
completely flawed? Anyone know how to disable these 'features'?
JwL
--
Jacob Langseth -=-finger for PGP key-=-
Enhanced Systems, Inc. email: jacob () esisys com
6961 PeachTree Ind Blvd voice: (770) 662-1504 ext. 684
Norcross, GA 30092 fax: (770) 662-1537
 By Date 
By Thread
Current thread:
|
Intro
