|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Subject: Re: RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
From: Andy Polyakov (appro
FY.CHALMERS.SE)
Date: Mon Jan 24 2000 - 09:26:46 CST
- Next message: Jonathan [no, I don't write for /.] Katz: "Re: Solaris 7 and solaris 8 file permissions"
- Previous message: Theo de Raadt: "Re: *BSD procfs vulnerability"
- In reply to: Arne Vidstrom: "RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition"
- Reply: Andy Polyakov: "Re: RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> There exist a vulnerability in rdisk which causes the contents of the
> registry hives to be exposed to Everyone during updating of the repair info.
Which can be trivially fixed by revoking Everyone's ACE from
%SystemRoot%\repair. What's the fuzz? There're more serious holes in
default ACLs... Andy.
- Next message: Jonathan [no, I don't write for /.] Katz: "Re: Solaris 7 and solaris 8 file permissions"
- Previous message: Theo de Raadt: "Re: *BSD procfs vulnerability"
- In reply to: Arne Vidstrom: "RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition"
- Reply: Andy Polyakov: "Re: RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 24 2000 - 20:51:34 CST