Forwarded From: Liam Colvin <random@ais.net>
Originally From: Windows NT Security Mailing List
Originally To: NTSECURITY@LISTSERV.NTBUGTRAQ.COM
| Fernando asked...
| >Does anyone know about this new NT server bug (as reported by PCWeek,
| >http://www.zdnet.com/pcweek/stories/news/0,4153,374497,00.html)
If the article or web site had stated that they were merely trying to
remind people of some news that is now nearly 20 months old that would
have been fine. Unfortunately, neither tried to do that and both seem to
imply this is something new.
I don't normally remind people of old issues (that's what the NTBugtraq
archives are for), but the ZD story sorta compels me to do this.
Andy Baron first discovered the availability and usability of Null Session
access when he announced the "RedButton Bug" on NTBugtraq back on April
18th, 1997!!! See
<http://ntbugtraq.ntadvice.com/page_archives_wa.asp?A2=ind9704&L=ntbugtraq&F
=P&S=&P=14066> for that original announcement. There are a lot of messages
associated with that announcement which you can peruse through the archive
site <http://ntbugtraq.ntadvice.com/archives>.
Please note that David LeBlanc made a utility available, through me, to
stop Andy's demonstration program. It was called everyone2user.exe. This
program is no longer available, and was not needed after the release of
SP3 from Microsoft (see KB article above). Please don't ask me or David
for it!!
If there's going to be any further discussion about this "New NT Server
bug", let's make sure you've read through the age old threads on this
first and have something new to say about it.
Cheers,
Russ - NTBugtraq moderator
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 08:58:15 1998