Bugtraq mailing list archives
Re: RFP9903: AeDebug vulnerability
From: erey () IX URZ UNI-HEIDELBERG DE (Enno Rey)
Date: Fri, 8 Oct 1999 00:00:44 +0200
----- Original Message ----- From: David LeBlanc <dleblanc () MINDSPRING COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Tuesday, October 05, 1999 8:24 PM Subject: Re: RFP9903: AeDebug vulnerability
David LeBlanc wrote:
One other thing to consider is that when user processes crash, they can sometimes create a user.dmp file, which like UNIX-style core files can sometimes contain information useful to an attacker. There is a way to turn this off, but I don't recall what it is at the moment.
Just run drwtsn32.exe from system32, then you can configure the behaviour of drwtsn. There is a little hlp-file explaining the contents of the dump file, too. (Though this file doesn't treat the subject very deeply, from a technical point of view)
Fromtime to time, I have to examine the contents of this file; I'm not sure
whether these contents could be useful for an attacker. Regards, Enno erey () ix urz uni-heidelberg de
Current thread:
- Re: RFP9903: AeDebug vulnerability, (continued)
- Re: RFP9903: AeDebug vulnerability Pete Deuel (Oct 05)
- NetScreen Brain-deadness... Ash (Oct 05)
- RH6.0 local/remote command execution Neezam Haniff (Oct 06)
- Re: RH6.0 local/remote command execution D (Oct 08)
- tcpdump under RedHat 6.1 Renaud Deraison (Oct 09)
- Re: NetScreen Brain-deadness... Dave McPike (Oct 06)
- RH6.0 local/remote command execution Neezam Haniff (Oct 06)
- Re: RFP9903: AeDebug vulnerability Stefan Norberg (Oct 06)
- Re: RFP9903: AeDebug vulnerability Todd Sabin (Oct 05)
- Re: RFP9903: AeDebug vulnerability David LeBlanc (Oct 05)
- Re: RFP9903: AeDebug vulnerability Joe Melhado (Oct 06)
- Re: RFP9903: AeDebug vulnerability Enno Rey (Oct 07)