[13546] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: RDISK registry enumeration file vulnerability in Windows NT

daemon@ATHENA.MIT.EDU (Andy Polyakov)
Mon Jan 24 23:23:13 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <388C6F36.C10A22ED@fy.chalmers.se>
Date:         Mon, 24 Jan 2000 16:26:46 +0100
Reply-To: appro@FY.CHALMERS.SE
From: Andy Polyakov <appro@FY.CHALMERS.SE>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

> There exist a vulnerability in rdisk which causes the contents of the
> registry hives to be exposed to Everyone during updating of the repair info.
Which can be trivially fixed by revoking Everyone's ACE from
%SystemRoot%\repair. What's the fuzz? There're more serious holes in
default ACLs... Andy.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[13546] in bugtraq

Re: RDISK registry enumeration file vulnerability in Windows NT

daemon@ATHENA.MIT.EDU (Andy Polyakov)Mon Jan 24 23:23:13 2000

daemon@ATHENA.MIT.EDU (Andy Polyakov)
Mon Jan 24 23:23:13 2000