[3403] in bugtraq
Re: NT security et al (Dangers of NetBIOS/NBT?)
daemon@ATHENA.MIT.EDU (Jacob Langseth)
Fri Sep 27 17:41:40 1996
Date: Fri, 27 Sep 1996 16:18:31 -0400
Reply-To: Jacob Langseth <jacob@esisys.com>
From: Jacob Langseth <jacob@esisys.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
>o Windows 3.11 has share bugs microsoft will never apparently fix,
> whereby any share allows the whole disk to be accessed by using
> a ../../.. type construct and the smbfs client code.
Well, there is actually a fix available for Windows 3.11. Take a look at
<http://www.microsoft.com/kb/peropsys/windows/q136418.htm>
While we're on the subject of NT network pet peeves (aka NetBIOS gotchas),
here's some more:
o ppl can view full process lists from remote (via pview's connect feature)
  (pview.exe is included w/ MSVC++).
o ppl can read portions of the registry remotely (via regedt32.exe).
  This can be REALLY BAD for NT workstations configured to use
  auto-logon, as people usually forget to remove read permission
  from the WinLogon entry (which keeps the auto-logon password
  stored in cleartext).
o ppl can read Application and Event logs remotely (w/ eventvwr.exe)
Is it just me, or is the entire principle of releasing this kind of information
(logs, processes, registry info), w/o explicit permission from the administrator,
completely flawed? Anyone know how to disable these 'features'?
JwL
--
Jacob Langseth -=-finger for PGP key-=-
Enhanced Systems, Inc. email: jacob@esisys.com
6961 PeachTree Ind Blvd voice: (770) 662-1504 ext. 684
Norcross, GA 30092 fax: (770) 662-1537
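
A local audit of the auto-logon exposure described in the post, as an added example that is not part of the original message. It assumes a current Windows host with PowerShell run elevated; the Winlogon value names and the `SecurePipeServers\winreg` key (whose ACL governs who may open the registry remotely) are not named in the post, and `Get-BroadReaders` is a hypothetical helper.

```powershell
# Added example: report whether auto-logon credentials are stored in the
# Winlogon key and which broad groups can read that key.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winreg   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Assumption: these well-known SIDs are the "broad" principals worth flagging.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$sidType = [System.Security.Principal.SecurityIdentifier]
$query   = [System.Security.AccessControl.RegistryRights]::QueryValues

function Get-BroadReaders([string]$Path) {
    # Hypothetical helper: names of broad principals holding an Allow ACE
    # that includes the right to query values under $Path.
    # Ask for SIDs directly so the check does not depend on the OS language.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)
    $hits = foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ($r.RegistryRights -band $query)) {
            $broadSids[$sid]
        }
    }
    ($hits | Sort-Object -Unique) -join ', '
}

$wl  = Get-ItemProperty -Path $winlogon
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
$winregPresent = Test-Path $winreg

[pscustomobject]@{
    AutoAdminLogon        = ($wl.AutoAdminLogon -eq '1')
    # True when a DefaultPassword value exists, i.e. a cleartext password is stored.
    DefaultPasswordStored = ($null -ne $wl.DefaultPassword)
    WinlogonBroadReaders  = Get-BroadReaders $winlogon
    RemoteRegistryService = if ($svc) { "$($svc.Status)" } else { 'not installed' }
    # Without this key there is no separate ACL restricting remote registry access.
    WinregKeyPresent      = $winregPresent
    WinregBroadReaders    = if ($winregPresent) { Get-BroadReaders $winreg } else { '' }
}
```

A host that reports `DefaultPasswordStored` as true together with a non-empty `WinlogonBroadReaders` and a running Remote Registry service matches the situation the post describes.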