Message-ID: <93A085F26D0298499A1F0421C2B3A5AE01152534@lscoexch1.lsmaster.lifespan.org>
Date: Mon, 11 Oct 2004 17:05:52 -0400
From: "Ziots, Edward" <EZiots@...espan.org>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: Insecure Default Service DACL's in Windows 2003


To the list, 

In my documentation of the Default DACL on Windows 2003 Services, I have
found and confirmed the following: 

Both the Distributed Link Tracking Server Service and Internet Connection
Firewall Service have the Default DACL of Everyone:Full Control, which
basically lets anyone connect to the SCM and start and stop these services
at will, which in the case of the Internet Connection Firewall Service could
cause many headaches for your service-based systems. 

I guess Microsoft forgot or didn't care to properly set the DACLs on
these services to properly secure them against improper modification. 

For those that use Win2k3 now on your systems, the best way to remove this issue
is to utilize a custom security template and reconfigure the DACL and add a
SACL of Everyone (All Settings: Failure) and Start, Stop, Pause (Success)
if you want to check if someone other than the System account is accessing
these services. 

HTH, 
EZ

Edward Ziots
Windows NT/Citrix Administrator
Lifespan Network Services
MCSE,MCSA,MCP+I,M.E,CCA,Security +, Network +
eziots@...espan.org
Cell:401-639-3505
Pager:401-350-5284

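As an added example (not part of the original post), the following PowerShell script audits the service DACLs the post is talking about: it pulls each service's security descriptor with `sc.exe sdshow`, parses the SDDL, and reports any ACE granted to Everyone (S-1-1-0) that includes start, stop, pause, configuration-change, delete, or owner/DACL-write rights. The right bit values are the documented service access rights from winsvc.h; the script assumes `sc.exe` is on the path and that the caller can read service security descriptors.

```powershell
# Added example: audit Windows service DACLs for ACEs that grant Everyone
# (S-1-1-0) the ability to start/stop/reconfigure a service.
# Service-specific access right bits (winsvc.h) plus the standard rights that
# matter for a service object.
$ServiceRights = @{
    SERVICE_CHANGE_CONFIG  = 0x0002
    SERVICE_START          = 0x0010
    SERVICE_STOP           = 0x0020
    SERVICE_PAUSE_CONTINUE = 0x0040
    DELETE                 = 0x10000
    WRITE_DAC              = 0x40000
    WRITE_OWNER            = 0x80000
    GENERIC_ALL            = 0x10000000
}
$RiskyMask = 0
foreach ($v in $ServiceRights.Values) { $RiskyMask = $RiskyMask -bor $v }

function Get-ServiceSddl {
    param([string]$Name)
    # sc.exe sdshow prints a blank line followed by the SDDL string
    $out = & sc.exe sdshow $Name 2>$null
    if ($LASTEXITCODE -ne 0) { return $null }
    return ($out | Where-Object { $_ -match '^[DOGS]:' } | Select-Object -First 1).Trim()
}

function Test-EveryoneServiceAccess {
    param([string]$Name, [string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        if ($ace.SecurityIdentifier.Value -ne 'S-1-1-0') { continue }   # Everyone
        if (($ace.AccessMask -band $RiskyMask) -eq 0) { continue }
        $names = $ServiceRights.GetEnumerator() |
                 Where-Object { ($_.Value -band $ace.AccessMask) -ne 0 } |
                 ForEach-Object { $_.Name }
        [PSCustomObject]@{
            Service = $Name
            Mask    = ('0x{0:X}' -f $ace.AccessMask)
            Rights  = ($names -join ',')
        }
    }
}

# Walk every installed service and list the ones with an over-permissive ACE.
Get-Service | ForEach-Object {
    $sddl = Get-ServiceSddl $_.Name
    if ($sddl) { Test-EveryoneServiceAccess -Name $_.Name -Sddl $sddl }
} | Format-Table -AutoSize
```

An Everyone:Full Control entry shows up with a mask of 0xF01FF (SERVICE_ALL_ACCESS), which is the condition the post describes; services listed here are candidates for the DACL and SACL changes it recommends.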