[12166] in bugtraq
Re: RFP9903: AeDebug vulnerability
daemon@ATHENA.MIT.EDU (Stefan Norberg)
Fri Oct 8 16:49:35 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <002101bf1042$f40e3140$0500000a@hermes>
Date: Wed, 6 Oct 1999 23:37:08 +0200
Reply-To: Stefan Norberg <stnor@SWEDEN.HP.COM>
From: Stefan Norberg <stnor@SWEDEN.HP.COM>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> One other thing to consider is that when user processes crash, they can
> sometimes create a user.dmp file, which like UNIX-style core files can
> sometimes contain information useful to an attacker. There is a way to
> turn this off, but I don't recall what it is at the moment.
>
Run drwtsn32.exe and uncheck "Create Crash Dump File" or just edit the
registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson\CreateCrashDump = 0
/stefan
