Not true. SP3 merely fixed the ability to enumerate users with the NetUserEnum() call via a null session. This technique requires knowing the name of at least one valid user, and is a little less straightforward. In fact, the KB article which covers the RestrictAnonymous setting obliquely mentions this capability. At 02:10 PM 4/28/98 -0400, Vic Anderson wrote: >This was supposedly fixed in service pack 3, check out the release notes >for Service Pack 3, also check out KB article Q143474 concerning >limiting NULL session connections. > >-----Original Message----- >From: David LeBlanc [mailto:dleblancat_private] >Sent: Tuesday, April 28, 1998 1:12 PM >To: BUGTRAQat_private >Subject: Re: name of built-in administrator > > >At 10:21 AM 4/28/98 +0400, Evgenii Borisovich Rudnyi wrote in NTBUGTRAQ: >>While learning what SID is, I have written two utilities, user2sid and >>sid2user, which are actually command line interfaces to WIN32 >functions, >>LookupAccountName and LookupAccountSid. So, no hacking, just what is >>permitted by MS. > >[which allows users to be extracted] > >This is documented (to some extent) in a knowledge base article. I >wrote >an app which grabs all the users (and accounts for why the ISS NT >scanner >5.0 always gets the admin user, no matter what), and advised Microsoft >that >I thought this was something that should be fixed. > >At this time, there is no fix for this, except to filter connections to >port 139. I've tried a couple of things I thought would fix it, but >found >that it caused severe problems. So, at the moment, if you can get a null >session, you can dump all the users, groups, and machine accounts. You >can >also cause some other problems, but they are a little arcane, and MS has >been advised (I only found it this morning, trying to make a fix for >this). > There isn't anything you can do to stop the other problems, except >filter >139, so... > >IMHO, we should be able to control whether or not NT accepts null >sessions. > >It is possible they are doing something about this in SP4 - they didn't >tell me whether, how or when they planned to fix it. > > >David LeBlanc >dleblancat_private > David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:38 PDT