[12184] in bugtraq
Re: RFP9903: AeDebug vulnerability
daemon@ATHENA.MIT.EDU (Enno Rey)
Fri Oct 8 19:29:17 1999
Message-Id: <002501bf110f$87b91aa0$0160a8c0@server>
Date: Fri, 8 Oct 1999 00:00:44 +0200
Reply-To: Enno Rey <erey@IX.URZ.UNI-HEIDELBERG.DE>
From: Enno Rey <erey@IX.URZ.UNI-HEIDELBERG.DE>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: David LeBlanc <dleblanc@MINDSPRING.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, October 05, 1999 8:24 PM
Subject: Re: RFP9903: AeDebug vulnerability
>David LeBlanc wrote:
>One other thing to consider is that when user processes crash, they can
>sometimes create a user.dmp file, which like UNIX-style core files can
>sometimes contain information useful to an attacker. There is a way to
>turn this off, but I don't recall what it is at the moment.
>
Just run drwtsn32.exe from system32; then you can configure the behaviour of
drwtsn. There is a little hlp-file explaining the contents of the dump file,
too. (Though this file doesn't treat the subject very deeply, from a
technical point of view.)
From time to time, I have to examine the contents of this file; I'm not sure
whether these contents could be useful for an attacker.
Regards,
Enno
erey@ix.urz.uni-heidelberg.de