Re: Service Pack 4 - Issues

From: Aleph One (aleph1at_private)
Date: Tue Oct 27 1998 - 09:02:06 PST

Next message: Stefan Laudat: "Another nice tmp race"

Previous message: David S. Goldberg: "Re: Firewall-1 Security Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: Sat, 24 Oct 1998 23:53:34 -0600
From: Steve Manzuik <steve.manzuikat_private>
To: NTBUGTRAQat_private
Subject: Re: [NTSEC] Service Pack 4 - Issues

Well, on my tests, with a Compaq laptop (my personal machine).

I installed SP3 plus the hotfixes especially the LSASS one.  I ran the LSASS
DoS attack and it did not work on the machine.  I then installed SP4 (40bit)
on the exact same machine and copy of NT, ran the same LSASS DoS attack and
it worked.  I have not tried the 128bit SP4 but I assume the results would
be the same.

On Monday, I will be back in my office and be able to go to the lab and try
this on more machines but, I suspect that my findings will be the same.

I emailed Microsoft two days ago but have not gotten a response as of yet.

                -----Original Message-----
                From:   Micheal Espinola Jr [mailto:michealeat_private]
                Sent:   Saturday, October 24, 1998 9:59 PM
                To:     'Steve Manzuik'
                Subject:        RE: [NTSEC] Service Pack 4 - Issues

                If what you say is true, then they have neglected to
incorporate the
                Lsa2-fix Hot Fix into Service Pack 4, or did so incorrectly.

                I hope that this is an isolated incidence.  Have you heard
otherwise?


+-------------------------------+-----------------------------------+
                | Micheal Espinola Jr           | Hardening NT 4 Security
Checklist |
                | NT Administrator              |
http://www.netcom.com/~honeyluv/  |
                | mailto:michealeat_private |
|

+-------------------------------+-----------------------------------+
                 "Views expressed by this individual may differ from your
own...
                                                   ...Reader discretion is
advised."


                | -----Original Message-----
                | From: owner-ntsecurityat_private
[mailto:owner-ntsecurityat_private]On
                | Behalf Of Steve Manzuik
                | Sent: Friday, October 23, 1998 3:21 PM
                | Cc: recipient list not shown: ;
                | Subject: [NTSEC] Service Pack 4 - Issues
                |
                |
                |
                | TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to
majordomoat_private
                | Contact ntsecurity-ownerat_private for help with any
problems!
                |
--------------------------------------------------------------
                | -------------
                |
                | Hopefully someone can correct me if I am wrong here but,
is
                | it not safe to
                | assume that all of the previous "issues" that required a
MS
                | Hotfix would be
                | fixed with SP4?
                |
                | The reason I ask is because, just for the hell of it, I
                | installed SP4 40bit
                | then attempted a number of DoS attacks on my box.  The
only
                | one that worked
                | was the LSASS.EXE DoS attack.
                |
                | Can anyone else duplicate or confirm this?
                |

Next message: Stefan Laudat: "Another nice tmp race"
Previous message: David S. Goldberg: "Re: Firewall-1 Security Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:11 PDT