Bugtraq mailing list archives
Re: RFP9903: AeDebug vulnerability
From: deuelpm () HERON TC CLARKSON EDU (Pete Deuel)
Date: Tue, 5 Oct 1999 13:46:36 -0400
At 12:25 AM 10/2/99 -0500, .rain.forest.puppy. wrote:
> the following registry key holds the program to execute as a debugger:
> \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
As a matter of course, I nuke the whole AEDebug key. Try it. <usual disclaimers apply, YMMV> :)

I started doing this when some programmers on a software development team at a largely [respected|hated] chip company I used to work for ran into some walls when their software kept causing Dr. Watsons, even though their code seemed good. They went up the chain with premium corporate Microsoft support, at every step "the code looked good." One day, a test engineer turned Dr. Watson off (by blanking the AEDebug keys) and the problem went away. If the problem were anything else, you'd get a plain vanilla GPF-like error box in place of the Dr. Watson dialog.

So, now that we're into NT4SP5 some years later, things still just "seem" better on NT w/o Dr. Watson. I've never experienced any ill-effects of nuking that key, now I'm glad that I always do.

I guess what goes around comes around: it was bad to leave debugging on in finger, it is bad to enable debugging in sendmail, so too it is bad to enable debugging in a production NT server. "Thou shalt not leave a Debugger going." :) That really cuts this whole issue away, right? All this time I was being more secure and I didn't even know it...
> True, but you have to get something to crash that is running as a higher-level user than you are.
Ahem. If I even begin to list the things, I'll never stop. <g>

Pete
--
"call this number. 1-800-578-7453. It's the customer service line for Brown & Williamson (tobacco). I'm not sure what they're smoking..." -Jon
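
For administrators who want to check a host before deciding whether to remove the key as described in the message above, here is a read-only audit, added as an example and not part of the original post. It reports the registered debugger and which accounts hold write-type rights on the key. The `Wow6432Node` path, the `Auto` value and the choice of rights in the mask are assumptions added here, not details from the thread.

```powershell
# Added example (not from the original post): read-only audit of the AeDebug key.
# Assumption: run in a PowerShell session on the Windows host being checked.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    # 32-bit registry view on 64-bit Windows (assumption: not mentioned in the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
)

# Rights that would let a principal change which program is launched as the debugger.
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        "{0}: key absent (no postmortem debugger registered)" -f $path
        continue
    }

    $key = Get-ItemProperty -LiteralPath $path
    $path
    "  Debugger = {0}" -f $key.Debugger   # program launched when a process crashes
    "  Auto     = {0}" -f $key.Auto       # 1 = launch without prompting the user

    # List Allow entries granting write-type access to the key.
    # ACEs expressed as generic rights show up as raw numbers and are not matched by this mask.
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $writeMask) } |
        ForEach-Object { "  writable by: {0} ({1})" -f $_.IdentityReference, $_.RegistryRights }
}

# To follow the approach in the message, back the key up first, then remove it:
#   reg.exe export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" aedebug-backup.reg
#   Remove-Item -LiteralPath $paths[0] -Recurse
```

Any non-administrative principal in the "writable by" output is the condition to fix, whether or not the key is kept.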