Bugtraq mailing list archives
[NTSEC] ALERT - NT security flaw announcement
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 18 Apr 1997 17:27:41 -0500
April 18, 1997 Announcement MWC, Inc.- NTsecurity.com would like to inform Internet Community that MWC, Inc. has discovered a security flaw ("RedButton Bug") in Microsoft Windows NT v 3.5x, 4.0. The security problem affects the majority of NT based networks. The "RedButton Bug" enables a remote user to get unauthorized access to a part of the NT system including registry and file system. The "RedButton" utility, which is available for download at http://www.NTsecurity.com/RedButton/ demonstrates the possibility of such an access: * It logs on remotely on a Target computer without presenting any User Name and Password * gains access to some of the resources available to Everyone * determines the current name of Built-in Administrator account (thus demonstrating that it is useless to rename it) * reads several registry entries (i.e. displays the name of a Registered Owner) * lists all shares (including the hidden ones) Microsoft has already been notified about this flaw. MWC, Inc - NTsecurity.com Network Security Team
Current thread:
- Sendmail Vulnerability. Alan Brown (Apr 14)
- TcpWrappers and Sendmail Neil Harkins (Apr 15)
- Handy change I made in ltread.c Nathan D. Faber (Apr 15)
- NIS+ and signed directory objects Sun Security Coordination (Apr 15)
- Update on PHP/FI hole Shamanski (Apr 16)
- Buffer overflow in sperl5.003 Murphy (Apr 17)
- Re: Buffer overflow in sperl5.003 David Luyer (Apr 17)
- Re: Buffer overflow in sperl5.003 Jon Lewis (Apr 19)
- [NTSEC] ALERT - NT security flaw announcement Aleph One (Apr 18)
- Beta testers wanted for new security tool! Alfred Huger (Apr 18)
- IRIX 6.x /cgi-bin/wrap bug J.A. Gutierrez (Apr 19)
- Re: Buffer overflow in sperl5.003 David Luyer (Apr 17)
- PHP/FI command line buffer overflow David Sacerdote (Apr 17)
- Sun Security Bulletin #00138 Aleph One (Apr 17)