-Original Message-
From: Michal Zalewski [mailto:[EMAIL PROTECTED]]
3. Windows 2000 Server UP. - the system graphs jump from 2% cpu usage (in a calm evening with no ongoing backups and domain synchronizations) to approx. 35% and holds it steady.
Windows are usually impacted
I don't have time to fix it this morning, but there's several problems in
this code - inline -
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Toomas Kiisk
There's no need for a debugger. SE_DEBUG privilege is simply
disabled by default, and it
to determine
whether something is a device.
David LeBlanc
[EMAIL PROTECTED]
From: Darren Reed [mailto:[EMAIL PROTECTED]]
In some mail from Russ, sie said:
I think some people are not understanding the difference between the
TCP MSS and IP's MTU. Either that or both you and David LeBlanc are
grasping at straws in order to make WindowsNT look better ;)
I
add it by
editing the Registry or by using a program that edits the Registry.
===
This value should be put into
HKLM\System\CurrentControlSet\Services\TcpIP\Paramters
David LeBlanc
[EMAIL PROTECTED]
-Original Message-
From: Alun Jones [mailto:[EMAIL PROTECTED]]
Exploit:
2.) Connect to the server with anonymous and type cd con/con (yes, this is well known and works with MANY others too, but we think it should be filtered).
While filtering such a command line may be a worthy
clear things up.
David LeBlanc
[EMAIL PROTECTED]
-Original Message-
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
How do you permanently remove the .printer mapping in IIS5? If you remove it with the MMC tool it comes back (and so does the virtual directory) upon reboot.
Turn off the spooler
From: Georgi Guninski
Toni Lassila wrote:
Workaround: I do not know of workaround but Microsoft claims updating WSH solves the issue.
I continue to believe all versions of IE 5.x are vulnerable.
A lot of people have missed the point of my advisory.
On 20 April 2001 Microsoft
-Original Message-
From: Nelson Brito
Well, like Ben told me, people are confused.
OK, I'll try to make myself more clear.
OK
When Domain Admin mount the user's shared then he'll execute the "arbitrary code".
This isn't true. Or at least it needs clarification. Let's say that
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Raju Mathur
I'm no Microsoft lover, but
what if ISC decides that MS doesn't get to be part of the BMG (BIND
doesn't ship with Windows by default, does it?)?
Microsoft's implementation of DNS isn't based on BIND at all. IIRC, none of
. It is a bit less fun
if you are the one who is still working at 11PM on a Friday evening, which
may account for some of the reasons why my view of the universe seems to be
a little different than yours.
David LeBlanc
[EMAIL PROTECTED]
, but there is a knowledge base
article on this - you can get rid of them locally, you just use a port of
rm that runs in the POSIX subsystem - these are DOS devices, and the POSIX
subsystem knows nothing about them. So rm ./con works nicely 8-)
BTW, a POSIX version of rm comes in the resource kit.
David LeBlanc
te network.
This will not only prevent the current exploits of file:// and UNC \\ links, but future unknown attacks. It will also keep trojans/virii from being able to exploit this overall weakness.
It also breaks a tremendous amount of functionality.
David LeBlanc
[EMAIL PROTECTED]
ing phase - we're all in for a wild ride.
David LeBlanc
[EMAIL PROTECTED]
, since too many sites use
some form of scripting (like www.securityfocus.com), and you can't turn it
completely off without losing the ability to do a lot of things.
David LeBlanc
[EMAIL PROTECTED]
of the
operating system, is only as good as your trust in the administrator.
Given the credentials needed to write the Winlogon values, the number of
things I could do to someone is only limited by my imagination and how much
code I want to write. The mind boggles at the possibilities g.
David LeBlanc
ks.
//if it doesn't work for you, either use a bigger buffer
//or get fancy
printf("Path longer than 1024 characters\n");
printf("If you really need to display paths 1024\n");
printf("Go write your o
happy
with the response even over a modem.
David LeBlanc
[EMAIL PROTECTED]
is opened.
I think that this may be the same bug as David Litchfield reported some
time ago, and which was fixed a while back. Could you or David please
confirm whether it is the same bug or not?
David LeBlanc
[EMAIL PROTECTED]
, and from there, you can do anything to any
user.
David LeBlanc
[EMAIL PROTECTED]
At 08:17 PM 12/1/99 -0800, Kris Kennaway wrote:
On Tue, 30 Nov 1999, David LeBlanc wrote:
Regardless of that, how does the patch stop malicious users from
producing AT jobs that have valid signatures and putting them in place?
The signature is based on a unique certificate that is stored
disable java script in both zones. I also recommend investigating all
sorts of attachments carefully.
David LeBlanc
[EMAIL PROTECTED]
controlled by this dialog at all. IMHO, the
online help could also be improved - none of these details are in the
online help. Also note that this dialog controls _incoming_ packets only -
outgoing packets are _not_ regulated. IIRC, frags are filtered after
re-assembly.
Hope this helps.
David LeBl
anyone who has tried this and
what their results are.
David LeBlanc
[EMAIL PROTECTED]
like UNIX-style core files can
sometimes contain information useful to an attacker. There is a way to
turn this off, but I don't recall what it is at the moment.
David LeBlanc
[EMAIL PROTECTED]
nown since 1996, so no advisory is needed.
- You may have noticed no humor, sarcasm, or snide remarks in this
advisory. Yeah, so?
Gee - I thought making an advisory out of something over a year old _was_
humor!
just joking
David LeBlanc
[EMAIL PROTECTED]
the variants of Outlook allow in this respect - I think
the same thing was in Outlook 97, but I don't have it installed so I can't
go check. Not sure about Outlook Express, and I don't know how Eudora 4.x
works with this, either.
David LeBlanc
[EMAIL PROTECTED]
trivially.
YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE. Period. End of story.
What you do with that code is up to you. There is no need to delve into
the details of just how you steal the lunch money from the end users.
Despite David LeBlanc et al. assurance that we could just disable Active
.
David LeBlanc
[EMAIL PROTECTED]
t I'd like it if
someone could confirm one way or another. Has anyone set this flag and had
actual reproducible problems?
David LeBlanc
[EMAIL PROTECTED]
not
running any antique applications on your server. As always, test this sort
of change thoroughly before putting it into production.
Oh - and obviously this only works if you're using NTFS.
David LeBlanc
[EMAIL PROTECTED]
said, I'd upgrade any Terminal Server with the patch, and make sure
that my firewall rules excluded 3389, unless I wanted to explicitly allow
people to connect to terminal server from the internet.
David LeBlanc
[EMAIL PROTECTED]