[24800] in bugtraq
Gravity Storm Service Pack Manager 2000 Share Vulnerability
daemon@ATHENA.MIT.EDU ('ken'@FTU)
Fri Mar 22 16:46:41 2002
Date: Wed, 20 Mar 2002 21:32:28 -0500
From: "'ken'@FTU" <ken_at_ftu@yahoo.com>
To: bugtraq@securityfocus.com
Message-id: <3C99463C.4080107@yahoo.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
On a default installation of Service Pack Manager 2000 for WindowsNT and
2000 by Gravity Storm Software, the software creates a hidden share
called SPM2000c$. This share is mapped to C:\. In all cases I found
critical directories readable and at times (depending on the OS
configuration) writeable to everyone remotely.
I found the following directory at least readable:
C:\winnt\system32\repair
I found
C:\winnt\system32
directory writable.
The impact should be obvious.
I contacted the software vendor. They uploaded a new version of their
software: they reported that it should not have this problem. I cannot
verify this because I did not test it.
Apart from this vulnerability, I must say that I liked the software when
I reviewed it. (But if you don't like it, don't blame me!) To quote
their website (since I'm tired tonight), "It allows to manage Windows
NT/2000 Service Packs and Hotfixes on the enterprise network in a
cost-efficient way. You can remotely detect, track, monitor, and install
Service Packs and Hotfixes on your network."
I am not associated with Gravity Storm Software. But, perhaps they might
give me a free licenced copy should I increase their sales. :)
They can be found at:
http://www.securitybastion.com/
Cheers,
'ken'@FTU
--
"I grew convinced that truth, sincerity and integrity in dealings
between man and man were of the utmost importance to the felicity of
life, and I formed a written resolution to practise them ever while I
lived."
-Benjamin Franklin, The Autobiography of Benjamin Franklin
