Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Security Bulletin (MS00-048)

From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Tue, 11 Jul 2000 21:45:31 +0200

Richard Waymire wrote:


for 3) Yes, the vulnerability allowed this.  A basic misunderstanding
between what you're saying for #3 and what I'm saying is that I'm assuming
you have patched your server and then carrying the discussion forward.


Gotcha,

Jenik <jenik () CPOL COM> stated that the FAQ for MS00-048 should mention
xp_cmdshell() for the above reasons, thereby implicitly assuming that the
patch is not (yet) installed. That's where I was coming from. Your
comments
went fly in the face of what I understood the vulnerability to be,
hence my questions.


Clearly you are at great risk without this patch being applied.


Yes. I guess Jenik just wanted to make sure that the Average User(tm)
would understand the exact dangers involved.

Well, no point in discussing this non-issue any further.

Regards,
Mikael Olsson

--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00         Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se
Previous By Date Next
Previous By Thread Next

Current thread: