[19263] in bugtraq
Re: AUTORUN Vul still work.
daemon@ATHENA.MIT.EDU (Gossi The Dog)
Fri Feb 16 14:36:56 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.33.0102161808440.26261-100000@owned.lab6.com>
Date: Fri, 16 Feb 2001 18:10:57 +0000
Reply-To: Gossi The Dog <gossi@OWNED.LAB6.COM>
From: Gossi The Dog <gossi@OWNED.LAB6.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A8BECAA.8644FC44@secunet.com.br>
On Thu, 15 Feb 2001, Nelson Brito wrote:
<snip>
> > 2 - place the autorun.inf and autorun2.exe on there;
>
> When I said "place" I just want to say: If the "root directory" is
> writable to you, put the files there. It's mean that is possible to
> exploit this using all of shares, example:
> ADMIN$ -> %SystemRoot%
> C$ -> %SystemDrive%
>
> By default ordinary users have write access on those shares.
No, they don't by default with NT4. If 'normal' users have write access
to administrator shares of Workstations on your domain, that is a tad bit
more worrying than an autorun exploit.
Regards,
Gossi.
