GETADMIN 2 - THE SEQUEL

Mark Joseph Edwards (mark@ntshop.net)
Thu, 10 Jul 1997 15:44:50 -0500

The hotfix released by MS for getadmin.exe DOES NOT WORK completely. Using
a slightly different tactic, the exploit can still be made to work in most
conditions (e.g. a not-too-heavily-loaded-down NT server).

By running a program that performs some slight manipulation <before>
running getadmin.exe, the exploit can still be run successfully. This was
tested on NT 4.0 w/SP3 and all current hotfixes loaded as of July 10, 1997,
and found to work as stated.

This condition was reported to NTSecurity.NET by Constin Raiu, who
requested that we post this message to the relevant lists.

For sample code and sample .exe to test with, go to http://www.ntsecurity.net
and look at the GetAdmin page.

mje.