[24890] in bugtraq
Re: Local Security Vulnerability in Windows NT and Windows 2000
daemon@ATHENA.MIT.EDU (Alexander K. Yezhov)
Sun Mar 31 19:02:46 2002
Date: Fri, 29 Mar 2002 23:31:21 +0300
From: "Alexander K. Yezhov" <admin@leader.ru>
Reply-To: "Alexander K. Yezhov" <admin@leader.ru>
Message-ID: <10627869859.20020329233121@leader.ru>
To: bugtraq@securityfocus.com
In-Reply-To: <014101c1d576$7034cbd0$05019696@pro>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Following upon the letter of Wednesday, March 27, 2002:
AOK> DebPloitFix assigns the new security descriptor to the
AOK> DbgSsApiPort LPC port so only the local system (SYSTEM user) will
AOK> be able to access this port.
I've seen it installed on Citrix Metaframe once. Clients couldn't
connect to the terminal server after installing this patch. Could you
confirm that DebPloitFix cannot cause such problem ?
Best regards, Alexander
-----------------------------------------------------------------------
MCP+I, MCSE on Windows NT 4, MCSE on Windows 2000
http://leader.ru http://tools-on.net (Security & Privacy on the Net)
-----------------------------------------------------------------------
