Re: Security hole in file sharing (bug?)

From: Massimo (barone_at_mclink.it)
Date: 01/29/05


Date: Sat, 29 Jan 2005 16:11:21 +0100


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23QitcedBFHA.4004@tk2msftngp13.phx.gbl...

> It has taken me a while to find the time with the setup to
> try this, but yes, I can reproduce what you are reporting.
> I used my laptop (needed to wait until I could reboot it,
> as I hibernate with long-lived projects for weeks at a time).
>
> Anyway, modem dialup from laptop with both MS network
> client and MS file and print unchecked on the DUN interface
> connectoid. Then used TS to get remote window (from the
> same laptop) on box elsewhere from which NetBIOS ports
> would not be filtered between laptop and remote. Ping
> check - yep, seeing laptop. Open IE back to IIS on laptop,
> yep. Map drive \\<dun-ip-of-laptop>\hiddenshare$ and
> bingo - it mapped.

Ok, so it was not my fault :-)
It seems to be quite a serious bug; how can I send a bug report to
Microsoft?

> Now, what I forgot to try is a three machine test.
> That is, mapping to laptop from a machine to which there
> is no RDP term services/remote desktop connection with
> the laptop. Why? RDP will map drives within the RDP
> session if configured. I just want to rule this out as an
> interacting influence here.

I don't think it matters: the RDP client uses NetBIOS to map drives, so if
it doesn't work due to being disabled on the server, RDP can't possibly use
it. Besides, you're establishing an RDP session with the machine from which
you connect to your shares, so RDP is mapping shares on the *remote*
machine, if any.
Anyway, you don't need three machines for this test: you only need two
computers with two modems and two phone lines.

> As you stated in other post, I also know that this did
> not behave this way before (but I do not believe I have
> ever known for fact that this is so post SP2 of XP).

Have you looked at this? It says this misbehaviour was introduced in SP1,
and worsened by SP2 which introduced a similar bug in the built-in firewall.
http://www.pcwelt.de/know-how/extras/103039/

Massimo


