From: Ken Pfeil (KenINFOSEC101.ORG)
Date: Tue Jul 03 2001 - 08:03:17 CDT

    Hi Folks,
    I was also able to reproduce this. As Bjorn said, all you have to do is
    press the spacebar to circumvent the screensaver, then type "explorer" to
    get the desktop back (or cmd, "Control Panel", etc etc) in the browser's
    address window. The kicker is that this also works with Terminal services
    web client.

    > -----Original Message-----
    > From: Bjorn Furuknap [mailto:furuINFONETT.HM.NO]
    > Sent: Wednesday, June 27, 2001 1:18 PM
    > To: win2ksecadviceLISTSERV.NTSECURITY.NET
    > Subject: Re: FW: Living Waterfalls Demo 'bug'
    >
    >
    > The bad part about this is that you can use this hole to run
    > %windir%\explorer.exe and you are in 'normal' win2k mode. No
    > restrictions to running iexplore, you get the user's desktop et al.
    >
    > Funny thing is, whenever you press CTRL+ALT+DEL you get the option of
    > unlocking the computer :-)
    >
    > Y.s.
    > Bjorn
    > --
    > - Bjorn Furuknap - mailto:furuinfonett.hm.no
    > - "Very funny, Scotty. Now beam down my clothes"
    > - infonett a/s - http://www.infonett.hm.no/ - +47 62 95 59 40
    > - Pa egne vegne der det passer seg slik.
    >
    > > -----Original Message-----
    > > From: Steve [mailto:steveSECURESOLUTIONS.ORG]
    > > Sent: 27. juni 2001 18:59
    > > To: win2ksecadviceLISTSERV.NTSECURITY.NET
    > > Subject: Fwd: FW: Living Waterfalls Demo 'bug'
    > >
    > >
    > > >Reply-To: <mjewin2000mag.com>
    > > >From: "Mark E" <mjewin2000mag.com>
    > > >To: "Ken Pfeil" <Keninfosec101.org>,
    > > > "Steve" <stevesecuresolutions.org>
    > > >Subject: FW: Living Waterfalls Demo 'bug'
    > > >Date: Wed, 27 Jun 2001 10:22:38 -0600
    > > >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
    > > >Importance: High
    > > >
    > > >This just in this morning:
    > > >
    > > >Mark
    > > >
    > > >
    > > >
    > > >-----Original Message-----
    > > >From: Johns Steve Civ 48CS/SCBBA [mailto:Steve.JohnsLAKENHEATH.AF.MIL]
    > > >Sent: Wednesday, June 27, 2001 9:07 AM
    > > >To: securitywin2000mag.com
    > > >Cc: s.johnsNTLWorld.com
    > > >Subject: Living Waterfalls Demo 'bug'
    > > >Importance: High
    > > >
    > > >
    > > >Hi!
    > > >
    > > >I DL this utility yesterday, and after playing with it for ~20 min, found
    > > >out quite by accident that it has a serious 'hole'
    > > >
    > > >Where the normal password-protected PC screensaver kicks in, and any mouse
    > > >movement or keypress returns one to the "Press CNTL-ALT-DEL" to login
    > > >screen, theirs does as well, but there's a 'back door' when this program
    > > >(Living Waterfalls)
    > > >is running, which would allow anyone sitting at my desk to immediately
    > > >assume my identity, including LOCAL/NETWORK rights, and ULoad, DLoad, Surf,
    > > >read,
    > > >write edit or, yup, even delete files on the local or (really scary) entire
    > > >Network/LAN!!
    > > >
    > > >All the user has to do is press 'SPACE', and he's IN!
    > > >As a matter of fact... I'm writing this from the 'Auto-lock-out' saver now.
    > > >It features a full WEB interface (IE5.1) and virtually allows me to do
    > > >ANYTHING.
    > > >
    > > >You might want to try this yourselves, and then publish YOUR findings. I
    > > >contacted the vendor, but they indicated it was a feature, and they have no
    > > >intention of 'fixing' this. I see that this SS is already avail in Romania
    > > >and Russia too, and that's an awful LOT of un-secure PCs out there.
    > > >
    > > >S. Johns
    > > >SA/DBA, TBMCS
    > > >226-3961
    > > >No matter how much you know today, you'll have to know more tomorrow.
    > >
    > > _____________________________________________________________________
    > > ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    > > ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    > > SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    > >
    >