Full Disclosure mailing list archives
Re: Terminal Server vulnerabilities
From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: Mon, 24 Jan 2005 23:18:50 -0800
Original message:
Date: Mon, 24 Jan 2005 15:52:55 -0800 From: "Daniel Sichel" <daniels () Ponderosatel com> Subject: [Full-disclosure] Terminal Server vulnerabilities To: <full-disclosure () lists netsys com> Message-ID: <190DFDD2F99A65469B4B15D3658C0D2BC5A495 () ptc6 ponderosatel com> Content-Type: text/plain; charset="us-ascii" I am currently locked in a death struggle with Microsoft's server product group. They have dropped support for the IAS (RADIUS) mmc in server 2003 and the 2000 version won't work under XP SP2. Their solution is to user terminal server to control the server remotely to manage RADIUS. Naturally I don't like this answer because of horror stories I have heard about Terminal server. They claim there are no unfixed vulnerabilities to Terminal Server on Windows Server 2000 Service Pack 4. I find that hard to believe and I know you guys will know if they are full of it, or they are correct. Please let me know ASAP of any CURRENT vulnerabilities int Terminal Server. Dan Sichel Network Engineer Ponderosa Telephone daniels () ponderosatel com (559) 868-6367 P.S. the MMC is worse, it requires that port 139 or 445 be opened, but that is not the point, I suspect they are feeding me a line and I want to prove it. Thanks.
Dan, Try here for starters: http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8 (2,310 results) Then pick one and try it out... -- Cheers, Dan Los Angeles Computerhelp http://losangelescomputerhelp.com 818.352.8700 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Terminal Server vulnerabilities Daniel Sichel (Jan 24)
- RE: [lists] Terminal Server vulnerabilities Curt Purdy (Jan 25)
- Re: [lists] Terminal Server vulnerabilities Steve Tornio (Jan 25)
- RE: [lists] Terminal Server vulnerabilities ALD, Aditya, Aditya Lalit Deshmukh (Jan 27)
- Re: [lists] Terminal Server vulnerabilities Jan Muenther (Jan 27)
- RE: [lists] Terminal Server vulnerabilities ALD, Aditya, Aditya Lalit Deshmukh (Jan 27)
- Re: [lists] Terminal Server vulnerabilities Jan Muenther (Jan 27)
- Re: [lists] Terminal Server vulnerabilities Steve Tornio (Jan 25)
- RE: [lists] Terminal Server vulnerabilities Curt Purdy (Jan 25)
- Re: Terminal Server vulnerabilities Valdis . Kletnieks (Jan 27)
- <Possible follow-ups>
- Re: Terminal Server vulnerabilities Daniel H. Renner (Jan 24)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Terminal Server vulnerabilities offtopic (Jan 25)
- RE: Re: Terminal Server vulnerabilities Mark Senior (Jan 25)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Re: Terminal Server vulnerabilities Valdis . Kletnieks (Jan 25)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Terminal Server vulnerabilities larry_seltzer_is_a_fraud (Jan 26)
- RE: Re: Terminal Server vulnerabilities Bob the Builder (Jan 26)
- RE: Terminal Server vulnerabilities Stuart Fox (DSL AK) (Jan 27)