From: 'ken'FTU
Date: Wed Mar 20 2002 - 20:32:28 CST

    On a default installation of Service Pack Manager 2000 for Windows NT and
    2000 by Gravity Storm Software, the software creates a hidden share
    called SPM2000c$. This share is mapped to C:\. In all cases I found
    critical directories readable and at times (depending on the OS
    configuration) writeable to everyone remotely.

    I found the following directory at least readable:

    C:\winnt\system32\repair

    I found

    C:\winnt\system32

    directory writable.

    The impact should be obvious.

    I contacted the software vendor. They uploaded a new version of their
    software: they reported that it should not have this problem. I cannot
    verify this because I did not test it.

    Apart from this vulnerability, I must say that I liked the software when
    I reviewed it. (But if you don't like it, don't blame me!) To quote
    their website (since I'm tired tonight), "It allows to manage Windows
    NT/2000 Service Packs and Hotfixes on the enterprise network in a
    cost-efficient way. You can remotely detect, track, monitor, and install
    Service Packs and Hotfixes on your network."

    I am not associated with Gravity Storm Software. But, perhaps they might
    give me a free licenced copy should I increase their sales. :)

    They can be found at:
    http://www.securitybastion.com/

    Cheers,
    'ken'FTU

    -- 
    "I grew convinced that truth, sincerity and integrity in dealings 
    between man and man were of the utmost importance to the felicity of 
    life, and I formed a written resolution to practise them ever while I 
    lived."
    	-Benjamin Franklin, The Autobiography of Benjamin Franklin
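
A defender-side check for the condition reported above, as an added example that is not part of the original message: it parses `net share` output and flags any share, other than the ones Windows creates itself, that exports an entire drive root, as SPM2000c$ does. The sample listing is constructed, the English column layout of `net share` is an assumption, and the function names are hypothetical.

```python
import re

# Shares Windows creates itself: drive-letter shares, ADMIN$, IPC$, PRINT$.
BUILTIN = re.compile(r"^(?:[A-Za-z]|ADMIN|IPC|PRINT)\$$", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")

# Constructed sample of English `net share` output (not captured from a real host).
SAMPLE = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
SPM2000c$    C:\
Tools        C:\Program Files\Tools          Admin utilities
LongHiddenShare$
             D:\
The command completed successfully.
"""

def parse_net_share(text):
    """Return [name, resource, remark] rows from a `net share` listing."""
    rows, res_col, rem_col = [], None, None
    for line in text.splitlines():
        if res_col is None:
            if line.startswith("Share name"):   # column offsets come from the header
                res_col, rem_col = line.index("Resource"), line.index("Remark")
            continue
        if not line.strip() or set(line.strip()) == {"-"}:
            continue
        if line.startswith("The command"):
            break
        res, rem = line[res_col:rem_col].strip(), line[rem_col:].strip()
        if line[0].isspace() and rows:            # wrapped row: belongs to previous share
            rows[-1][1:] = [res, rem]
        elif line[res_col - 1:res_col].strip():   # name overflows its column, row wraps
            rows.append([line.strip(), "", ""])
        else:
            rows.append([line[:res_col].strip(), res, rem])
    return rows

def suspicious_shares(text):
    """Non-built-in shares that export a whole drive, as (name, path, hidden)."""
    return [(n, r, n.endswith("$")) for n, r, _ in parse_net_share(text)
            if not BUILTIN.match(n) and DRIVE_ROOT.match(r)]

if __name__ == "__main__":
    for name, path, hidden in suspicious_shares(SAMPLE):
        print(f"{name} -> {path} ({'hidden' if hidden else 'visible'})")
```

The listing shows only the mapping; a flagged share still needs its share and NTFS permissions reviewed to see who can read or write through it.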