More Windows vulnerabilities

Printable View

April 24th, 2002, 02:18 PM
VictorKaum

More Windows vulnerabilities

More windows vulnerabilities:

Source: http://www.securityspace.com

Title: Windows Terminal Service Enabled
ID: 10940
Category: Useless services
URL: http://www.securityspace.com/smysecu....html?id=10940
Summary: Connects to the remote terminal server
Description:
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).

If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.

Solution : Disable the Terminal Services if you do not use them
Risk factor : Low

Title: IPSEC IKE check
ID: 10941
Category: Denial of Service
URL: http://www.securityspace.com/smysecu....html?id=10941
Summary: IPSEC IKE check
Description:
The remote IPSEC server seems to have a problem negotiating
bogus IKE requests.

An attacker may use this flaw to disable your VPN remotely

Solution: Contact your vendor for a patch
Risk factor: High

Title: Check for a Citrix server
ID: 10942
Category: Useless services
URL: http://www.securityspace.com/smysecu....html?id=10942
Summary: CITRIX check
Description:
A Citrix server is running on this machine.

Citrix servers allow a Windows user to remotely
obtain a graphical login (and therefore act as a local
user on the remote host).

If an attacker gains a valid login and password, he may
be able to use this service to gain further access on
the remote host

Solution: Disable this service if you do not use it. Also, make sure that the SECURE ICA option pack has been installed

Risk factor: Low

Title: Apache Remote Command Execution via .bat files
ID: 10938
Category: CGI abuses
URL: http://www.securityspace.com/smysecu....html?id=10938
Summary: Tests for presence of Apache Command Execution via .bat vulnerability

Description:
The Apache 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server (although it is reported that any .bat file could open this vulnerability.)

An attacker can send a pipe character '|' with commands appended as parameters, which are then executed by Apache.

Solution:
This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat

Risk factor : High
April 24th, 2002, 06:41 PM
knightmb

Seems these would be better placed as "software vulnerabilities" for this version of "windows XP/2000/NT/98/95"

You have Apache and Citrix listed, but does it really relate to windows or the software running on windows?
April 24th, 2002, 07:38 PM
VictorKaum

Yep you are +/- right. It are no real windows vulnerabilities, only the first is

but knightmb if you read carefull you can see that it mentions for the last 2:
1) for Apache >>> Apache 2.0.x Win32
2) for Citrix >>> Citrix servers allow a Windows user to...

and for the other 2: I assume that "Windows Terminal Service Enabled" concerns windows... and that the VPN DoS concerns M$ users too ;)
for some info how to setup up VPN on win boxes, visit: http://www.vpnlabs.org/vpn-categorie.../36/index.html

but you're right I had to use another thread title... sorry M$
April 26th, 2002, 08:01 PM
mohaughn

Um.. a service functioning as designed is not a vulnerability, And term serv is not a default service. They might as well write up a vulnerability like this.

Title: Ctrl-Alt-Del
ID: 106969

Summary: Allows user to log in
Description:
Depressing control, alternate, and delete together allows an individual to login to the machine to which the keyboard is connected

If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the host.

Solution : Hide the power cord for your computer.
Risk factor : Low

That is just more of the MS sucks propaganda. Terminal server is an extremely useful tool when configured properly.
April 27th, 2002, 04:46 PM
VictorKaum

Ok mohaughn you have a point... this time I screwed up. It's not fair to blame M$ for everything. So for the second time I apologize.
You are right

Title: Wrong title or not objectif information
ID: 106970

Summary: Allows user to critize you
Description:
Posting a wrong title thread or information could cause problems with other users

If an attacker gains a valid argument he may be able to use this argument
to make further complaints.

Solution : Don't post when you are to tired
Risk factor : Low
April 27th, 2002, 05:21 PM
bilo86

lol
April 29th, 2002, 09:21 PM
knightmb

Quote:

Originally posted here by mohaughn
Um.. a service functioning as designed is not a vulnerability, And term serv is not a default service. They might as well write up a vulnerability like this.

Title: Ctrl-Alt-Del
ID: 106969

Summary: Allows user to log in
Description:
Depressing control, alternate, and delete together allows an individual to login to the machine to which the keyboard is connected

If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the host.

Solution : Hide the power cord for your computer.
Risk factor : Low

That is just more of the MS sucks propaganda. Terminal server is an extremely useful tool when configured properly.

I have to admit, that's a good one. I've forwared it to a bunch of friends, so don't be surprised if you get spammed by it later on with the way the Internet works :)