Original message: > Date: Mon, 24 Jan 2005 15:52:55 -0800 > From: "Daniel Sichel" <[EMAIL PROTECTED]> > Subject: [Full-Disclosure] Terminal Server vulnerabilities > To: <[email protected]> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > I am currently locked in a death struggle with Microsoft's server > product group. They have dropped support for the IAS (RADIUS) mmc in > server 2003 and the 2000 version won't work under XP SP2. Their solution > is to user terminal server to control the server remotely to manage > RADIUS. Naturally I don't like this answer because of horror stories I > have heard about Terminal server. They claim there are no unfixed > vulnerabilities to Terminal Server on Windows Server 2000 Service Pack > 4. > > I find that hard to believe and I know you guys will know if they are > full of it, or they are correct. Please let me know ASAP of any CURRENT > vulnerabilities int Terminal Server. > > Dan Sichel > Network Engineer > Ponderosa Telephone > [EMAIL PROTECTED] (559) 868-6367 > > P.S. the MMC is worse, it requires that port 139 or 445 be opened, but > that is not the point, I suspect they are feeding me a line and I want > to prove it. Thanks. >
Dan, Try here for starters: http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8 (2,310 results) Then pick one and try it out... -- Cheers, Dan Los Angeles Computerhelp http://losangelescomputerhelp.com 818.352.8700 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
