Ok, what is LINDESK?
I googled for it, but found nothing informative.
Jared
| "Ron Rogers" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 11/03/2003 04:44 AM
|
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Win termin services alert |
Niall,
LINDESK isn't the flaw, it is the method that the server handled the
request from a non-windows browser. They have fixed the problem and the
application now works from any OS browser.
I ment the info to be a potential security alert.
Ron
>>> [EMAIL PROTECTED] 10/31/03 03:49PM >>>
I'm not entrely sure what you are saying here.
Terminal Services gives you a remote session on the server. You should
have to provide a username and password for this. When you get desktop
access it is in the security context of the username/password you have
provided. If you had full control that rather suggests that they had
provided you with an inappropriate username/password. If I log into a
server as root using ssh, I don't consider that to be a flaw in ssh.
Now I might be misunderstanding what you are saying here, and it could
be that LINDESK doesn't honour the credentials you provide it with,
but
this also doesn't seem like a terminal services flaw...
Niall
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Ron Rogers
> Sent: 31 October 2003 14:05
> To: Multiple recipients of list ORACLE-L
> Subject: Win termin services alert
>
>
> List.
> Reguarding Windows Terminal services...
> It is used to remotely display an action back to the
> requesting windows client with software control. Usually used
> in a browser application. We have an application that is
> "browser based" and we are instructed to use Windows 2000K as
> the client. I feel that if an application is "browser based"
> I should be able to use and client and browser. I used a
> browser on Linux with a "windows terminal services" package
> installed and connected to the server via a login/passwd with
> a browser. The problem occured when the "software control"
> didn't work and I was dropped to the server desktop. I had
> full control over the server. I immediatly contacted security.......
>
> Please be aware of this potential and serious security
> problem using terminal services.
>
> The terminal services package I tested was the LINDESK for linux.
Ron
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Ron Rogers
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting
services
>
---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru')
> and in the message BODY, include a line containing: UNSUB
> ORACLE-L (or the name of mailing list you want to be removed
> from). You may also send the HELP command for other
> information (like subscribing).
>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Niall Litchfield
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Ron Rogers
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
