Subject: Fw: Security hole in Win2K's FTP server
From: Noam Rathaus (dolittleBEYONDSECURITY.COM)
Date: Wed Jul 12 2000 - 15:15:41 CDT


Hi,

I don't know if you noticed this post. Can anyone confirm this?

Thanks
Noam Rathaus.
----- Original Message -----
From: "Bob Kline" <bklineRKSYSTEMS.COM>
To: <BUGTRAQSECURITYFOCUS.COM>
Sent: Tuesday, July 11, 2000 23:59
Subject: Security hole in Win2K's FTP server

> Microsoft has introduced a security hole in the FTP server on Windows
> 2000 Professional. The properties panel for the service has controls
> for specifying "accept" or "deny" lists, and the online help explains
> how to use these controls to explicitly prohibit specific hosts from
> connecting to the service, or restrict access to an enumerated set of
> hosts. What the online help does not explain is that this security
> functionality has been turned off for the Professional version of
> Windows 2000. The intentional disabling of this feature (which was
> supported in NT Workstation 4.0, the predecessor of Windows 2000) is
> confirmed by an internal KnowledgeBase article within Microsoft.
>
> Most vendors improve functionality with later releases of their
> software, but I suppose there's an exception to every rule.
>
> --
> Bob Kline
>