Re: DebPloit (exploit)

From: Asheesh Laroia (pan-news@asheeshenterprises.com)
Date: 03/17/02


From: Asheesh Laroia <pan-news@asheeshenterprises.com>
Date: Sun, 17 Mar 2002 15:35:36 GMT

Works beautifully for me. Good thing I'm a client of an NT domain,
rather than sitting at the top of one.

This should prove useful. Administrators on this list, however, I would
implement the advised patch immediately. I really don't understand why
there's so little mention of this elsewhere.

For more information, read a writeup I wrote:

        http://www.everything2.com/index.pl?node=DebPloit

-- Asheesh.

On Thu, 14 Mar 2002 05:00:53 -0500, Radim \EliCZ\ Picha wrote:

> allows everyone to get handles to ANY process and thread
> (and further to become administrator. etc...).
> http://www.anticracking.sk/EliCZ/bugs/DebPloit.zip contains details and
> fix. Microsoft was notified about it.



Relevant Pages

  • Cant make projects with forms in it
    ... I'm sitting with the problem that when even anyone other then the ... administrators in our domain wants to make a project with forms ... Visual C# .NET compiler could not be created. ... Please re-install Visual Studio. ...
    (microsoft.public.vsnet.general)
  • Re: [Full-disclosure] Steve Gibson smokes crack?
    ... about the bug for a long time and made a concious decision not to patch it even though they knew it could lead to a system compromise. ... People commented on how Microsoft put out a patch quicker than they ... This is their history going back to before they purchased IE, and something that became really evident when they first began rebuilding Mosaic. ... When NT came out and Microsoft moved from producing OS' that were not network ready out of the box and toy-like GUI infrastructures, the impacts of that strategy were transposed onto administrators and users alike. ...
    (Full-Disclosure)
  • Re: How Can I Allow Access From The Internet to Only Selected User
    ... users, groups, client ip address ranges, client computer naming conventions ... All users can access Terminal Server from inside the network ... "select remote users" and enter in th administrators group. ...
    (microsoft.public.windows.terminal_services)
  • Re: [Full-disclosure] Steve Gibson smokes crack?
    ... I wasn't agreeing its a conspiracy I was just saying they knew about ... but its hard to when we find out Microsoft knew ... > their history going back to before they purchased IE, ... > strategy were transposed onto administrators and users (now more ...
    (Full-Disclosure)
  • Re: Two DB Owners
    ... impede Microsoft Windows NT system administrators from having system ... I'd like to remove all permissions from the admins ... When I remove the login it doesn't ...
    (microsoft.public.sqlserver.security)