[15082] in bugtraq
I think
daemon@ATHENA.MIT.EDU (Jay Mobley)
Sun May 28 14:50:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <BBC0308BBD08D411842800A0C9FC35B5010FD3@CONTROL>
Date: Tue, 23 May 2000 15:03:08 -0700
Reply-To: Jay Mobley <jmobley@IEINET.COM>
From: Jay Mobley <jmobley@IEINET.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
So, Im fairly green with all this security hub-bub, so admitedly I feel
pretty outta my league, but here is the low down. I use a product called
NetOps. Its a remote control client/server package ... or in thier terms,
host and guest.
Among its features is one that allows a guest to xfer files back and forth
from the host. In my case the host is run on our NT 4.0 server. a user
typically connects, sends the ctr-alt-del and logs in as if the user were
sitting at the console. Mouse and keyboard output is sent to the remote
controlled station.
The security flaw I think I have found has to do with simply connecting to
the host and beginning a file transfer. NO AUTHENTICATION IS REQUIRED to
either copy files to or from a host running this NetOps software!
Is this a valid secuity flaw??
-Jay Mobley
