Bugtraq mailing list archives

Re: AUTORUN Vul still work.

From: Gossi The Dog <gossi () OWNED LAB6 COM>
Date: Fri, 16 Feb 2001 18:10:57 +0000

On Thu, 15 Feb 2001, Nelson Brito wrote:

<snip>

2 - place the autorun.inf and autorun2.exe on there;


When I said "place" I just want to say: If the "root directory" is
writable to you, put the files there. It's mean that is possible to
exploit this using all of shares, example:
ADMIN$ -> %SystemRoot%
C$     -> %SystemDrive%

By default ordinary users have write access on those shares.


No, they don't by default with NT4.  If 'normal' users have write access
to administrator shares of Workstations on your domain, that is a tad bit
more worrying than an autorun exploit.

Regards,
Gossi.

Current thread:

AUTORUN Vul still work. Nelson Brito (Feb 15)
- Re: AUTORUN Vul still work. Nelson Brito (Feb 15)
- Re: AUTORUN Vul still work. Nelson Brito (Feb 16)
  - Re: AUTORUN Vul still work. Gossi The Dog (Feb 16)
- Re: AUTORUN Vul still work. Jesper M. Johansson (Feb 16)
  - Re: AUTORUN Vul still work. Nelson Brito (Feb 16)
    - Re: AUTORUN Vul still work. Jesper M. Johansson (Feb 16)