Dailydave mailing list archives

Simplicity


From: Dave Aitel <dave () immunityinc com>
Date: Thu, 16 Feb 2006 17:10:38 -0500


Complexity is the opposite of security, many people say. This is
certainly true for such things as NT Thread Tokens, ACLs across system
calls à la Argus Pitbull, and zlib's codebase. But sometimes you have
to wonder if simplicity is necessarily any better. In some of my
testing today on the MS06_008 Kostya bug in Webclnt, I used a Windows
XP SP0 box which happens to not be on a domain and also happens to
have a downloads share open. One thing I wonder is if a user having a
downloads share open really meant to open the DAV share up as well to
anyone who bothered to present a username. (Note that a password is
not required. Also the username doesn't have to be correct...)

bash-3.00$ exploits/ms06_08/ms06_08.py -t 192.168.2.131 -l 1 -d 1 -v 1
-O user:bobiscool
...
<oops...>


http://www.microsoft.com/technet/security/advisory/906574.mspx
It is not enough to just have the File and Print Sharing enabled to
enable the Guest account to have access to the system through the
network. You must manually perform the steps that are documented in
this FAQ section to enable the Guest account and allow it to access
the system through the network. Once these steps have been performed,
any file or print sharing connection request will successfully
authenticate as the Guest account. For more information about Simple
File Sharing and its use of the Guest account, visit the following Web
site. This issue does not affect Windows XP Professional systems that
are members of a domain. Domain-joined systems do not use Simple File
Sharing. Sharing files or printers on domain-joined systems does not
enable the Guest account or give it permission to access the system
through the network. If you are using Windows XP Service Pack 2,
enabling Simple File Sharing and ForceGuest does not increase your
level of exposure to the MS05-039 security vulnerability.

-dave
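The exposure Dave describes is a combination of independent settings: a workgroup (non-domain) XP host, Simple File Sharing with ForceGuest mapping every network logon to Guest, the Guest account enabled, at least one disk share, and the WebClient service (webclnt) running and reachable once that Guest session exists. The following audit script is an added example, not code from the post or from Microsoft; it reads the standard ForceGuest registry value under the Lsa key, the Guest account state, the WebClient service state and the host's disk shares, and reports which of the conditions line up. It assumes Windows PowerShell running with administrative rights on the host being checked; the registry path, service name and WMI classes are standard Windows names and are not taken from the post.

```powershell
# Added audit example (not from the Dailydave post). Run elevated on a
# Windows XP / Server 2003-era host to see whether the ForceGuest +
# WebClient combination discussed in the thread applies to it.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-ForceGuestState {
    # ForceGuest = 1 is the "Guest only" network access model: whatever
    # username is presented, the network logon is mapped to Guest.
    $item = Get-ItemProperty -Path $LsaKey -Name ForceGuest -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    if ($item.ForceGuest -eq 1) { return 'GuestOnly' }
    return 'Classic'
}

function Test-GuestEnabled {
    # "net user Guest" prints an "Account active  Yes/No" line; parse it.
    $out = net user Guest 2>$null
    if (-not $out) { return $false }
    return [bool]($out | Where-Object { $_ -match '^Account active\s+Yes' })
}

function Get-WebClientState {
    # The WebDAV redirector service that MS06-008 concerns.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'Absent' }
    return $svc.Status.ToString()
}

function Test-PartOfDomain {
    return [bool](Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain
}

function Get-DiskShares {
    # Type 0 = disk drive share; excludes printer, IPC$ and device shares.
    return @(Get-WmiObject -Class Win32_Share |
             Where-Object { $_.Type -eq 0 } |
             Select-Object -ExpandProperty Name)
}

# Collect the facts, then reason about them in one place.
$report = New-Object PSObject -Property @{
    PartOfDomain = Test-PartOfDomain
    ForceGuest   = Get-ForceGuestState
    GuestEnabled = Test-GuestEnabled
    WebClientSvc = Get-WebClientState
    DiskShares   = (Get-DiskShares) -join ','
}
$report | Format-List

$findings = @()
if (-not $report.PartOfDomain -and $report.ForceGuest -eq 'GuestOnly' -and $report.GuestEnabled) {
    $findings += 'Any presented username authenticates as Guest over the network (Simple File Sharing / ForceGuest).'
}
if ($report.DiskShares -and $findings.Count -gt 0) {
    $findings += "Disk shares present ($($report.DiskShares)); the share exposure and the Guest logon go together."
}
if ($report.WebClientSvc -eq 'Running' -and $findings.Count -gt 0) {
    $findings += 'WebClient service is running and reachable from that Guest session; stop and disable it until MS06-008 is applied, or disable Guest / set ForceGuest to 0.'
}

if ($findings.Count -eq 0) {
    Write-Output 'No ForceGuest/WebClient exposure found on this host.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

The checks are deliberately kept separate so that an administrator can see which single setting breaks the chain: a domain-joined host does not use Simple File Sharing at all, a disabled Guest account or a Classic (ForceGuest = 0) model stops the anonymous-username logon, and a stopped WebClient service removes the component the MS06-008 advisory itself recommends disabling as a workaround.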

