I was speaking in general terms when I said that XXXXX certification
means nothing with egregious security flaws in that OS, but made my bed
when I made a specific NT reference, so I'll lie in it.

Okay, NT server, "properly" locked down, SP4 installed, can still have
users become Administrator with at least 3 bugs:

* KnownDLLs bug http://www.l0pht.com
* ScreenSaver bug http://www.cybermedia.co.in
* Case Sensitivity bug http://www.cybermedia.co.in

Bugs like this mean that there is no separation of duties since all users
can gain administrative privileges with no ability to control it.

There are hotfixes for at least one of these, BTW, but that doesn't change
my original point.

-Jason

On Sat, 19 Jun 1999, Brian Steele wrote:

> Date: Sat, 19 Jun 1999 02:03:34 -0400
> From: Brian Steele <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Why not NT?
> 
> Like?
> 
> If there exist security flaws with NT that allow you to become
> Administrator on a PROPERLY-SECURED NT system, then I'll sure like to know
> about them.
> 
> Brian Steele
> 
> -----Original Message-----
> From: Jason Axley <[EMAIL PROTECTED]>
> To: Jean Morissette <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Saturday, 19 June, 1999 1:51 AM
> Subject: RE: Why not NT?
> 
> 
> >there are several widely-known security flaws in NT4 w/ SP4 that
> >allow users to become Administrator
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
