should be) you should ACL
that directory so that they cannot do so.
Jesper M. Johansson
Configuration where the problem has been observed:
. Windows 2000 Server SP1
. NT 4.0 SP6a Workstation
No, this is wrong. NT 4.0 doesn't support propogating permissions down
the
tree. It can only propogate permissions from parent to child at
creation
time. You've observed something similar,
en mapping a shared drive to a drive letter, it would
search for an autorun.inf about half the time for some reason. I analyzed
some network traces about two and a half years ago, and was never able to
figure out why it did that in some cases but not in others.
Jesper M. Johansson
t to apply it to all users on a system, HKCU if you
only want to apply it to some users
Key: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoDriveTypeAutoRun
Data 0xFF
Jesper M. Johansson
news this time around is that you can do this on a per-machine basis
now, using the same key but under HKLM instead.
Jesper M. Johansson
h to block this code. Of course, anyone who can upload
ASP code to your server can probably take over the server a myriad other
ways, such as writing netcat into the temp directory and then executing it,
so this is probably just a very small piece of that much larger security
problem.
Jesper M. Johansson
y actually.
I hope this helps.
Jesper M. Johansson
too (step 0.1). I think I even saw something
coming out of Redmond saying that, although I believe it was just an
e-mail from Paul Leach.
Jesper M. Johansson
, common sense is used to guard against that. Also, the
trusted path did not preclude the use of that attack either. I have
actually seen one where users were presented with a login screen without
the three-finger salute, and simply entered their passwords.
Jesper M. Johansson
re spawned in a regular user
context. In any case, it usually is abysmally slow, on the order of taking 5-15
minutes to bring up the installers window after it is launched
The Run As... is a nice feature, and a good bit better than the NT4 RK SU, but it is
nowhere near a *NIX su yet, unfortunately.
because he was using the NT Resource Kit
Supplement 2 version of SRVINFO.EXE. It would Dr. Watson when run against a
machine that had any hotfixes installed. Use the Supplement 3 version of
SRVINFO.EXE instead.
Jesper
Jesper M. Johansson, Ph.D.
Assistant Professor, Boston University
[EMAIL
a shortcut to convert. That's the best
I've seen so far.
Jesper M. Johansson
[EMAIL PROTECTED]
Editor, SANS NT Digest
MCSE , MCP + I
12 matches
Mail list logo