Bugtraq mailing list archives
Security hole in Win2K's FTP server
From: bkline () RKSYSTEMS COM (Bob Kline)
Date: Tue, 11 Jul 2000 17:59:41 -0400
Microsoft has introduced a security hole in the FTP server on Windows 2000 Professional. The properties panel for the service has controls for specifying "accept" or "deny" lists, and the online help explains how to use these controls to explicitly prohibit specific hosts from connecting to the service, or restrict access to an enumerated set of hosts. What the online help does not explain is that this security functionality has been turned off for the Professional version of Windows 2000. The intentional disabling of this feature (which was supported in NT Workstation 4.0, the predecessor of Windows 2000) is confirmed by an internal KnowledgeBase article within Microsoft. Most vendors improve functionality with later releases of their software, but I suppose there's an exception to every rule. -- Bob Kline
Current thread:
- SuSE Security Announcement: tnef Thomas Biege (Jul 11)
- Re: SuSE Security Announcement: tnef Rainer Link (Jul 11)
- Security hole in Win2K's FTP server Bob Kline (Jul 11)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils Conectiva Security (Jul 17)
- Re: Security hole in Win2K's FTP server Dan Kaminsky (Jul 17)
- Re: Security hole in Win2K's FTP server Adam Muntner (Jul 18)
- Re: Security hole in Win2K's FTP server David LeBlanc (Jul 18)
- Re: Security hole in Win2K's FTP server Darren Reed (Jul 18)
- MDKSA-2000:018 dump update Vincent Danen (Jul 11)
- Sun's Java Web Server remote command execution vulnerability stuart.mcclure () FOUNDSTONE COM (Jul 11)
- Attacking Windows 9x with Loadable Kernel Modules Solar Eclipse (Jul 12)