Re: RFP9903: AeDubug vulnerabilty

[davidz () IHUG COM AU (David Zverina)]

It is possible to disable this behaviour (which I always do for servers) by
starting Dr Watson (Run: drwtsn32) and deselecting the "Visual Notification
Checkbox". While there I also usually disable the create crash dump file as
this can take quite a while for large processes and the machine runs like a
dog in the meanwhile.

Dave.

---
David Zverina
Engineer - Black Ice Software
"This message transmitted on 100% recycled electrons."

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Steve
> Coleman
> Sent: Wednesday, 13 October 1999 0:15
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: RFP9903: AeDubug vulnerabilty
>
>
> Mark Dixon wrote:
>
> > Does the debugger fire when no one is logged
> > in ? I imagine it does but I've never seen a Dr Watson at the login
> > screen.
>
> I once had an NT cron job that would invoke Dr Watson late at night when
> ever a certain piece of network hardware was not accessible. The Dr
> Watson would hang until someone logged in and clicked the Ok button.
> During the interum, since my application instance was still loaded in
> memory, a new instance could not be run at any subsequently scheduled
> time. It seems to me that this behaviour could be classified as a DOS
> attack if someone knew how to force a Dr Watson for a given process.
>
> I don't recall what version of Dr Watson but I do know that it occured
> with both NT 3.51 and NT 4.0 sp3.
>
> --
> Steve Coleman     <Steve.Coleman () jhuapl edu>   http://www.jhuapl.edu/
> <<--------->> Johns Hopkins Applied Physics Laboratory <<---------->>
> Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597