Subst.exe carelessness (fwd)

Subject: Subst.exe carelessness (fwd)
From: Ben Greenbaum (bgreenbaumSECURITYFOCUS.COM)
Date: Tue Nov 30 1999 - 18:07:01 CST

• Next message: David LeBlanc: "Re: Microsoft Security Bulletin (MS99-051) (fwd)"
• Previous message: bjr: "[davidslackware.com: New Patches for Slackware 7.0 Available]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This was sent to vuldbsecurityfocus.com and is a good workaround for the
subst problem posted here earlier. I repost it to the list with the
author's permission. Thanks David!

Ben Greenbaum
Site Content Manager
Security Focus
http://www.securityfocus.com

---------- Forwarded message ----------
Date: Tue, 30 Nov 1999 16:18:38 -0500
From: dmandersworldnet.att.net
To: vuldbsecurityfocus.com
Subject: Subst.exe carelessness

        In our environment, we use both the subst and net use commands to setup
the users' environment during logon. In order to avoid any errors, our
logon scripts simply include subst *drive_letter* /d statements for all
drive letters that we use. This ensures that the machine has no previous
mappings before the rest of the script is run.

        if exist g: subst g: /d
        if exist h: subst h: /d
        if exist t: subst t: /d
        if exist z: subst z: /d
        
        subst g: c:\data
        subst h: c:\apps
        net use t: \\server\server_apps
        net use z: \\server\user_home

        We find that this solution is simple for our environment. And as the
exploit that you point out will only work to spoof drive mappings that
*should* exist in a normal user environment, this simple script addition
will eliminate that problem.

        David Anders
        dmandersworldnet.att.net

• Next message: David LeBlanc: "Re: Microsoft Security Bulletin (MS99-051) (fwd)"
• Previous message: bjr: "[davidslackware.com: New Patches for Slackware 7.0 Available]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Wed Dec 01 1999 - 15:58:18 CST