
Thread: More Windows vulnerabilities

  1. #1
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542

    More Windows vulnerabilities

    More windows vulnerabilities:

    Source: http://www.securityspace.com

    Title: Windows Terminal Service Enabled
    ID: 10940
    Category: Useless services
    URL: http://www.securityspace.com/smysecu....html?id=10940
    Summary: Connects to the remote terminal server
    Description:
    The Terminal Services are enabled on the remote host.
    Terminal Services allow a Windows user to remotely obtain
    a graphical login (and therefore act as a local user on the
    remote host).

    If an attacker gains a valid login and password, he may
    be able to use this service to gain further access
    on the remote host.


    Solution : Disable the Terminal Services if you do not use them
    Risk factor : Low



    Title: IPSEC IKE check
    ID: 10941
    Category: Denial of Service
    URL: http://www.securityspace.com/smysecu....html?id=10941
    Summary: IPSEC IKE check
    Description:
    The remote IPSEC server seems to have a problem negotiating
    bogus IKE requests.

    An attacker may use this flaw to disable your VPN remotely

    Solution: Contact your vendor for a patch
    Risk factor: High



    Title: Check for a Citrix server
    ID: 10942
    Category: Useless services
    URL: http://www.securityspace.com/smysecu....html?id=10942
    Summary: CITRIX check
    Description:
    A Citrix server is running on this machine.

    Citrix servers allow a Windows user to remotely
    obtain a graphical login (and therefore act as a local
    user on the remote host).

    If an attacker gains a valid login and password, he may
    be able to use this service to gain further access on
    the remote host

    Solution: Disable this service if you do not use it. Also, make sure that the SECURE ICA option pack has been installed

    Risk factor: Low



    Title: Apache Remote Command Execution via .bat files
    ID: 10938
    Category: CGI abuses
    URL: http://www.securityspace.com/smysecu....html?id=10938
    Summary: Tests for presence of Apache Command Execution via .bat vulnerability

    Description:
    The Apache 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server (although it is reported that any .bat file could open this vulnerability.)

    An attacker can send a pipe character '|' with commands appended as parameters, which are then executed by Apache.

    Solution:
    This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat

    Risk factor : High
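
A defender-side check for the Apache .bat issue described in the post above, added here as an example and not part of the original thread or the scanner's own code: it flags access-log requests to `.bat`/`.cmd` CGI scripts whose target contains a pipe character, including percent-encoded forms. The Common Log Format layout, the sample lines and the `|EXAMPLE` placeholder are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Path that names a batch script, optionally followed by extra path info
BATCH_RE = re.compile(r'\.(?:bat|cmd)(?:$|/)', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded pipes (%257C) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_batch_requests(log_lines):
    """Return (client, raw_target) for .bat/.cmd requests containing '|'."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        raw_target = match.group("target")
        target = decode_fully(raw_target)
        path = target.split("?", 1)[0]
        if BATCH_RE.search(path) and "|" in target:
            hits.append((line.split(" ", 1)[0], raw_target))
    return hits


# Constructed sample log lines (documentation addresses, placeholder payloads)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Apr/2002:10:00:05 +0000] "GET /cgi-bin/test-cgi.bat HTTP/1.0" 200 90',
    '192.0.2.12 - - [01/Apr/2002:10:00:09 +0000] "GET /cgi-bin/test-cgi.bat?|EXAMPLE HTTP/1.0" 200 120',
    '192.0.2.13 - - [01/Apr/2002:10:00:12 +0000] "GET /cgi-bin/form.BAT?%257CEXAMPLE HTTP/1.0" 200 120',
    '192.0.2.14 - - [01/Apr/2002:10:00:15 +0000] "GET /cgi-bin/search.pl?q=a|b HTTP/1.0" 200 80',
]

if __name__ == "__main__":
    for client, target in suspicious_batch_requests(SAMPLE_LOG):
        print(f"{client} requested {target}")
```

A hit only shows that such a request was made; whether the server was affected depends on the Apache version and on whether the default script is still installed.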

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    196
    Seems these would be better placed as "software vulnerabilities" for this version of "windows XP/2000/NT/98/95"

    You have Apache and Citrix listed, but does it really relate to windows or the software running on windows?

  3. #3
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    Yep, you are +/- right. They are no real Windows vulnerabilities, only the first is

    but knightmb, if you read carefully you can see that it mentions for the last 2:
    1) for Apache >>> Apache 2.0.x Win32
    2) for Citrix >>> Citrix servers allow a Windows user to...

    and for the other 2: I assume that "Windows Terminal Service Enabled" concerns windows... and that the VPN DoS concerns M$ users too
    for some info on how to set up VPN on win boxes, visit: http://www.vpnlabs.org/vpn-categorie.../36/index.html

    but you're right I had to use another thread title... sorry M$

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Um.. a service functioning as designed is not a vulnerability, and term serv is not a default service. They might as well write up a vulnerability like this.

    Title: Ctrl-Alt-Del
    ID: 106969


    Summary: Allows user to log in
    Description:
    Depressing control, alternate, and delete together allows an individual to login to the machine to which the keyboard is connected

    If an attacker gains a valid login and password, he may
    be able to use this service to gain further access
    on the host.


    Solution : Hide the power cord for your computer.
    Risk factor : Low



    That is just more of the MS sucks propaganda. Terminal server is an extremely useful tool when configured properly.

  5. #5
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    Ok mohaughn you have a point... this time I screwed up. It's not fair to blame M$ for everything. So for the second time I apologize.
    You are right


    Title: Wrong title or not objective information
    ID: 106970

    Summary: Allows user to criticize you
    Description:
    Posting a wrong title thread or information could cause problems with other users

    If an attacker gains a valid argument he may be able to use this argument
    to make further complaints.

    Solution : Don't post when you are too tired
    Risk factor : Low

  6. #6

  7. #7
    Senior Member
    Join Date
    Jul 2001
    Posts
    196
    Originally posted here by mohaughn
    Um.. a service functioning as designed is not a vulnerability, and term serv is not a default service. They might as well write up a vulnerability like this.

    Title: Ctrl-Alt-Del
    ID: 106969


    Summary: Allows user to log in
    Description:
    Depressing control, alternate, and delete together allows an individual to login to the machine to which the keyboard is connected

    If an attacker gains a valid login and password, he may
    be able to use this service to gain further access
    on the host.


    Solution : Hide the power cord for your computer.
    Risk factor : Low



    That is just more of the MS sucks propaganda. Terminal server is an extremely useful tool when configured properly.
    I have to admit, that's a good one. I've forwarded it to a bunch of friends, so don't be surprised if you get spammed by it later on with the way the Internet works
