 
Dailydave mailing list archives
Simplicity
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 16 Feb 2006 17:10:38 -0500
Complexity is the opposite of security, many people say. This is certainly true for such things as NT Thread Tokens, ACLs across system calls a la Argus Pitbull, and zlib's codebase. But sometimes you have to wonder if simplicity is necessarily any better.

In some of my testing today on the MS06_008 Kostya bug in Webclnt, I used a Windows XP SP0 box which happens to not be on a domain and also happens to have a downloads share open. One thing I wonder is if a user having a downloads share open really meant to open the DAV share up as well to anyone who bothered to present a username. (Note that a password is not required. Also the username doesn't have to be correct...)

bash-3.00$ exploits/ms06_08/ms06_08.py -t 192.168.2.131 -l 1 -d 1 -v 1 -O user:bobiscool
...
<oops...>

http://www.microsoft.com/technet/security/advisory/906574.mspx

It is not enough to just have the File and Print Sharing enabled to enable the Guest account to have access to the system through the network. You must manually perform the steps that are documented in this FAQ section to enable the Guest account and allow it to access the system through the network. Once these steps have been performed, any file or print sharing connection request will successfully authenticate as the Guest account. For more information about Simple File Sharing and its use of the Guest account, visit the following Web site.

This issue does not affect Windows XP Professional systems that are members of a domain. Domain-joined systems do not use Simple File Sharing. Sharing files or printers on domain-joined systems does not enable the Guest account or give it permission to access the system through the network.

If you are using Windows XP Service Pack 2, enabling Simple File Sharing and ForceGuest does not increase your level of exposure to the MS05-039 security vulnerability.

-dave
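
An added example, not part of the original post or of any tool it mentions: a Windows PowerShell audit of the conditions the quoted advisory names (not domain-joined, ForceGuest in effect, Guest account enabled, disk shares present). The function name Get-GuestShareExposure is hypothetical, and the registry location of the ForceGuest value is an assumption not stated in the post.

```powershell
# Added example. Run locally in Windows PowerShell on the host being audited.
# Assumption: ForceGuest is stored as the DWORD "forceguest" under
#   HKLM\SYSTEM\CurrentControlSet\Control\Lsa
#   1 = network logons with local accounts are mapped to Guest, 0 = classic model.
function Get-GuestShareExposure {
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa = Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue
    $forceGuest = ($lsa -ne $null) -and ($lsa.forceguest -eq 1)

    # The advisory states that domain-joined systems do not use Simple File Sharing.
    $domainJoined = [bool](Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain

    # Find the built-in Guest account by its RID (501) so a renamed account is still caught.
    $guest = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    $guestEnabled = ($guest -ne $null) -and (-not $guest.Disabled)

    # Type 0 is an ordinary disk share; administrative shares (C$, ADMIN$) use another type.
    $diskShares = @(Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 })

    # Exposed in the advisory's sense only when every condition holds at once.
    $exposed = (-not $domainJoined) -and $forceGuest -and $guestEnabled -and
               ($diskShares.Count -gt 0)

    New-Object PSObject -Property @{
        DomainJoined = $domainJoined
        ForceGuest   = $forceGuest
        GuestEnabled = $guestEnabled
        DiskShares   = ($diskShares | ForEach-Object { $_.Name }) -join ', '
        Exposed      = $exposed
    }
}

Get-GuestShareExposure | Format-List
```

The check does not inspect user-rights assignments, so a Guest account that is enabled but denied network logon by policy will still be reported as exposed.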


