Subject: Security hole in Win2K's FTP server
From: Bob Kline (bkline RKSYSTEMS.COM)
Date: Tue Jul 11 2000 - 16:59:41 CDT

Microsoft has introduced a security hole in the FTP server on Windows
2000 Professional. The properties panel for the service has controls
for specifying "accept" or "deny" lists, and the online help explains
how to use these controls to explicitly prohibit specific hosts from
connecting to the service, or restrict access to an enumerated set of
hosts. What the online help does not explain is that this security
functionality has been turned off for the Professional version of
Windows 2000. The intentional disabling of this feature (which was
supported in NT Workstation 4.0, the predecessor of Windows 2000) is
confirmed by an internal KnowledgeBase article within Microsoft.
Most vendors improve functionality with later releases of their
software, but I suppose there's an exception to every rule.
-- Bob Kline