Bugtraq mailing list archives

New Security Vulnerability in WinNT

From: stervino () INFO ENSERB U-BORDEAUX FR (Alexandre Stervinou)
Date: Sat, 13 Mar 1999 00:32:19 +0100


A new security vulnerability in Windows NT4 has been released, I was
just surfin' on http://www.cybermedia.co.in/, when I saw this:

<quote>

 CSPL has uncovered most serious Case Sensitivity vulnerability in
Microsoft's Windows NT operating  system. This security hole allows you
to get "Administrator" access on a machine while logged in as "guest" or
any ordinary user

[...]

Description:
 Using the permissions on the "\??" object directory and by exploiting
the case sensitivity of object manager it is possible to trojan any
system executables.

</quote>

--
                 Alexandre Stervinou
       mailto:stervino () info enserb u-bordeaux fr

Current thread:

Re: Digital Unix 4 protected password database. Darren J Moffat - Enterprise Services OS Product Support Group (Mar 10)
- <Possible follow-ups>
- Re: Digital Unix 4 protected password database. der Mouse (Mar 10)
  - New Security Vulnerability in WinNT Alexandre Stervinou (Mar 12)
  - Re: Digital Unix 4 protected password database. Tim Pierce (Mar 12)
- Re: Digital Unix 4 protected password database. Nate Lawson (Mar 12)
  - Re: Digital Unix 4 protected password database. Alec Muffett (Mar 15)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 16)