|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Windows 2000 Nul bug
From: auto45040
HUSHMAIL.COMDate: Fri Apr 28 2000 - 23:04:27 CDT
- Next message: Mousse: "Re: Windows 2000 Nul bug"
- Previous message: Microsoft Security Response Center: "Re: "Netscape engineers are weenies" [ More DLLs ]"
- Next in thread: Mousse: "Re: Windows 2000 Nul bug"
- Reply: Mousse: "Re: Windows 2000 Nul bug"
- Reply: DDOCEKAL: "Re: Windows 2000 Nul bug"
- Reply: Rolf : "Re: Windows 2000 Nul bug"
- Reply: leventHUSHMAIL.COM: "Re: Windows 2000 Nul bug"
- Reply: Daniel Dočekal: "Re: Windows 2000 Nul bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
<-[DHC ADVISORY]->
Title: Nul security AND D.O.S problem for Windows 2000
Description program: Well I guess we all know what Windows 2000 is. :)
Description problem: Simply by typing "nul" in a dos prompt, you get a screen
with all kinds of programs you can start and by hitting a button you also
get a "open file" style explorer window.
<-[what was used]->
Windows Professional 2000 build 2128
<-[how to create the security problem]->
start up a dos prompt and type "nul" and then enter. I attached a file (nil.bat)
for the people who either don't have a prompt (because of restrictions,
or whatever) or just don't know how to do it.
You'll get a little screen with a list of programs to open "nul.pif" with.
Just choose what you want to start up. Anything that is on your computer
is now available.
More dangerous maybe is the possibility to hit "other" and you're able to
browse the drives and directories. Funny thing is that with windows NT by
typing the drive name in the file name bit you can even access hidden but
shared drives, so I figure this'll still work with Windows 2000 too, but
at the moment I'm not sure.
To be honest, the same can be achieved by double-clicking an undefined fileformat.
However, a lot of administrators will have found a way to stop this, so
basically this is a workaround for that.
<-[fix]->
Well, I expect Microsoft will have a fix for the security problem, so I
won't bother with that.
<-[note]->
credit where credit is due: I wouldn't've gone and checked "nul" out in
W2k if it weren't for someone posting to Bugtraq saying c:\nul\nul like
c:\con\con could lock up W98. I was being curious.
Greetz,
nemesystm, leader of the DHC (dhcorp.cjb.net)
auto45040hushmail.com
- 1 found 62999 to go -
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
- application/octet-stream attachment: il.bat_
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Mousse: "Re: Windows 2000 Nul bug"
- Previous message: Microsoft Security Response Center: "Re: "Netscape engineers are weenies" [ More DLLs ]"
- Next in thread: Mousse: "Re: Windows 2000 Nul bug"
- Reply: Mousse: "Re: Windows 2000 Nul bug"
- Reply: DDOCEKAL: "Re: Windows 2000 Nul bug"
- Reply: Rolf : "Re: Windows 2000 Nul bug"
- Reply: leventHUSHMAIL.COM: "Re: Windows 2000 Nul bug"
- Reply: Daniel Dočekal: "Re: Windows 2000 Nul bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]