[4237] in bugtraq
Re: Fatal bug in NT 4.0 server
daemon@ATHENA.MIT.EDU (Yiorgos Adamopoulos)
Mon Apr 7 14:35:25 1997
Date: Mon, 7 Apr 1997 14:26:23 +0300
Reply-To: Y.Adamopoulos@noc.ntua.gr
From: Yiorgos Adamopoulos <Y.Adamopoulos@NOC.NTUA.GR>
X-To: vytasvy@OSF.LT
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.970402120122.30846B-100000@uba.osf.lt> from
"Vytautas Vysniauskas" at Apr 2, 97 02:37:33 pm
> It is known about big hole in NT 4.0 security system
> that allows for a user without any access permission to mount NT
> server root directory (disk C:) in r/w mode and to take a
> complete control over NT system ? I heard only some little
Under 4.0 (no service packs) it is possble to mount drive C: (and any other
drive) R/W if you have a user account. Note that this is the default
installation and therefore it is not a bug but a missconfiguration:
smbclient '\\ntserver\c$' -U user
should give you the smb> prompt.
Installing SP2 removes these defaults.
-Yiorgos.
