Re: Local Security Vulnerability in Windows NT and Windows 2000

From: Alexander K. Yezhov (adminat_private)
Date: Fri Mar 29 2002 - 12:31:21 PST

Next message: securityat_private: "Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory"

Previous message: securityat_private: "Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition"
In reply to: Ashot Oganesyan K.: "Local Security Vulnerability in Windows NT and Windows 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Following upon the letter of Wednesday, March 27, 2002:

AOK> DebPloitFix   assigns   the   new   security  descriptor  to  the
AOK> DbgSsApiPort LPC port so only the local system (SYSTEM user) will
AOK> be able to access this port.

I've  seen  it  installed  on  Citrix Metaframe once. Clients couldn't
connect  to the terminal server after installing this patch. Could you
confirm that DebPloitFix cannot cause such problem ?

Best regards, Alexander                           

-----------------------------------------------------------------------
         MCP+I, MCSE on Windows NT 4, MCSE on Windows 2000
  http://leader.ru http://tools-on.net (Security & Privacy on the Net)
-----------------------------------------------------------------------

Next message: securityat_private: "Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory"
Previous message: securityat_private: "Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition"
In reply to: Ashot Oganesyan K.: "Local Security Vulnerability in Windows NT and Windows 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 31 2002 - 15:53:18 PST