Bugtraq mailing list archives
I think
From: jmobley () IEINET COM (Jay Mobley)
Date: Tue, 23 May 2000 15:03:08 -0700
So, Im fairly green with all this security hub-bub, so admitedly I feel pretty outta my league, but here is the low down. I use a product called NetOps. Its a remote control client/server package ... or in thier terms, host and guest. Among its features is one that allows a guest to xfer files back and forth from the host. In my case the host is run on our NT 4.0 server. a user typically connects, sends the ctr-alt-del and logs in as if the user were sitting at the console. Mouse and keyboard output is sent to the remote controlled station. The security flaw I think I have found has to do with simply connecting to the host and beginning a file transfer. NO AUTHENTICATION IS REQUIRED to either copy files to or from a host running this NetOps software! Is this a valid secuity flaw?? -Jay Mobley
Current thread:
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Darren Moffat - Solaris Sustaining Engineering (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Casper Dik (May 15)
- kscd vulnerability Sebastian (May 16)
- Re: kscd vulnerability Matt Wilson (May 24)
- Re: kscd vulnerability Sebastian (May 25)
- more majordomo brokeness Federico G. Schwindt (May 23)
- Re: more majordomo brokeness Richard Trott (May 31)
- I think Jay Mobley (May 23)
- Re: kscd vulnerability Katherine M. Moussouris (May 25)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: Cisco Bug James Sneeringer (May 16)
- Security Bulletins Digest (fwd) Mike Bush (May 17)
- Re: Banner Rotation 01 Joao Pedro Gonçalves (May 17)