 |
 |
Find a programming school near you
php3-list | 199807
Date: 07/27/98
- Next message: Asian Avenue: "[PHP3] Ora_Bind"
- Previous message: peter <email protected>: "[PHP3] Serious NT bug emerges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
:))
Aguante MS todavia <grin>
-- Norberto Meijome (a) Numard, (a) Beto | ICQ # 15032073 * Contrary to popular belief, Unix is user friendly. It just happens to be very selective about who it decides to make friends with.
attached mail follows:
This NEWS.COM (http://www.news.com/) story has been sent to you from peter <email protected>
Serious NT bug emerges By Michael Kanellos July 27, 1998, 3:20 p.m. PT http://www.news.com/News/Item/0%2C4%2C24643%2C00.html?sas.mail
A flaw in Microsoft's Windows NT operating system allows an ordinary network user, and potentially anyone with Internet access, to impersonate a system administrator.
Armed with knowledge of how to exploit this flaw, anyone on a Windows NT client on an NT network can gain the power to switch other users' passwords, add new addresses, change access rights to confidential network areas, and generally run the network in the same manner as an administrator, according to Mark Edwards, a private security consultant and principal behind the NT Security and NT Shop Web pages.
"It's a pretty big problem," he said. "Even though it's a local attack, it's probably one of the top five or six bugs [for Windows NT]."
The glitch was unearthed by a team of programmers from India. A Microsoft spokeswoman confirmed the bug and said the company is working on a fix that will be released soon.
The bug consists of code written by programmers. When executed through a seat on an NT network, it seeks out the highest system-level authority for the user it can find. Inevitably, the program gets the network to grant the user debug-level rights. Once a user gains these rights, they are only a few steps away from having the same power as administrator.
Typically, the malevolent user has to act from inside the network. Conceivably, however, an outside actor could exploit the flaw across the Internet if the network is also using Internet Information server from Microsoft.
Three programmers from India discovered the flaw late last year and were going to publish a book on the subject. Edwards recently verified the existence of the flaw. The bug is similar to another NT glitch discovered last year, he added.
-------------------------------------------------------
-- PHP 3 Mailing List http://www.php.net/ To unsubscribe send an empty message to php3-unsubscribe <email protected> To subscribe to the digest list: php3-digest-subscribe <email protected> For help: php3-help <email protected> Archive: http://www.php.net/mailsearch.php3-- PHP 3 Mailing List http://www.php.net/ To unsubscribe send an empty message to php3-unsubscribe <email protected> To subscribe to the digest list: php3-digest-subscribe <email protected> For help: php3-help <email protected> Archive: http://www.php.net/mailsearch.php3
- Next message: Asian Avenue: "[PHP3] Ora_Bind"
- Previous message: peter <email protected>: "[PHP3] Serious NT bug emerges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
