Vulnerability Development mailing list archives
Re: Windows: Local Security Workaround
From: kotz () FLASH NET (Robert)
Date: Sun, 9 Apr 2000 18:31:42 -0500
I was playing around with the computers in my school's library the other morning when I came across something interesting. Just a bit of background information: my school uses Fortres101 by Grand Corp. and they have a nice ethernet set up, and they use norton (comes in handy later). Basically, after playing around with it for a while, I noticed that it was network settings that were protecting a lot of files (like autoexec.bat, etc.) and not fortres. Well, anyway, the other morning in the library, the computer I happened to sit at had been disconnected from the network so when I booted up and tried to log in it wouldn't work. Interestingly enough, norton antivirus is the only program that runs (well, that you have access to.) BEFORE the login process is complete. So I was playing around with norton and I found that you can easily run programs by changing the log file and then when you are browsing the HD, right click->open on an executable will run it. Anyway, I ran Word and found that I could edit autoexec.bat or any other file that was protected by network permissions instead of by fortres. Ironically, the program that is supposed to keep your computer 'healthy' is what provides the risk. -- Robert Kotz
Current thread:
- Re: Windows: Local Security Workaround Robert (Apr 09)
- Re: Windows: Local Security Workaround Blake Frantz (Apr 09)
- <Possible follow-ups>
- Re: Windows: Local Security Workaround Robert (Apr 09)
- Disturbing IE behaviour in regards to security. Maxime Rousseau (Apr 11)
- Re: Disturbing IE behaviour in regards to security. Mikael Olsson (Apr 12)
- Disturbing IE behaviour in regards to security. Maxime Rousseau (Apr 11)
- Re: Windows: Local Security Workaround John Flitcroft (Apr 10)
- FW: Windows: Local Security Workaround J . Phillips (Apr 10)
- Re: Windows: Local Security Workaround Junk mojo (Apr 10)
- Re: Windows: Local Security Workaround nine (Apr 12)