Vulnerability Development mailing list archives
Re: More on Shatter
From: Syzop <syz () dds nl>
Date: Sun, 25 Aug 2002 20:08:16 +0200
HalbaSus wrote:
My question would be... Why would anyone want to patch it ? Here are some reasons for not bothering about it.
I have worked at a school in the past which was running NT(/w2k) workstations, in such a case there are good reasons to fix it... [..]
2. Currently there are plenty of remote vulnerabilities which leave you with enough priviledge to do some nasty stuff on a Win32-box [..]
The workstations aren't running IIS or something, the only ports open are for filesharing/rpcstuff (which ofcourse also had/have bugs).
3. As long as someone needs phisical access for this it's not really such a serious problem.. usually when someone has phisical access to a computer he can do mostly whatever he/she wants. Without using exploits...
That's right but it will take some time to open up the computer so it's highly likely a teacher will see it.
4. And probably the most important reason: Shatter is one of those mostly harmless yet very neet exploits that you can impress your friends with... [..]
I don't agree with this.
Just because users can logon locally doesn't make any root exploit on that box harmless.
For example: a user can install a keyb logger to sniff passwords from other
users logging in at that machine.
Bram Matthys.
Current thread:
- More on Shatter Chris Paget (Aug 23)
- Re: More on Shatter Daniel Newby (Aug 23)
- Re: More on Shatter Dragos Ruiu (Aug 24)
- Re: More on Shatter Daniel Newby (Aug 24)
- Re: More on Shatter Dragos Ruiu (Aug 24)
- <Possible follow-ups>
- re: More on Shatter HalbaSus (Aug 25)
- Re: More on Shatter Darryl Luff (Aug 25)
- Re: More on Shatter Syzop (Aug 26)
- Re: More on Shatter H C (Aug 26)
- RE: More on Shatter Kris Kistler (Aug 26)
- RE: More on Shatter Richard Masoner (Aug 26)
- RE: More on Shatter Mark Ribbans (Aug 26)
- RE: More on Shatter Kayne Ian (Softlab) (Aug 27)
- Re: More on Shatter Daniel Newby (Aug 23)