[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200404142332.i3ENWJP9014615@ms-smtp-03.rdc-kc.rr.com>
From: techlist at kc.rr.com (Jeff Schreiner)
Subject: LSASS.EXE Remote Buffer Overflow Investigation
Are any of your server boxes domain controller? DCPROMO.LOG will only be
created after a Windows Server OS is promoted to a domain controller.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Richard
Maudsley
Sent: Tuesday, April 13, 2004 9:55 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] LSASS.EXE Remote Buffer Overflow Investigation
Hello list,
Regarding [Full-Disclosure] EEYE: Windows Local Security Authority Service
Remote Buffer Overflow
(http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1994.html).
None of my systems (XP Pro, 2K, 2K3 Server) had this log file
("DCPROMO.LOG") in their %WINDOWS%\Debug directorys. I'm guessing this is
because the logging functions have never been called.
How is this (and the other affected commands) executed remotly?
Thanks,
-Rich
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists