lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1106637530.1948.304.camel@meposs>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: Re:  Terminal Server vulnerabilities

Original message:
> Date: Mon, 24 Jan 2005 15:52:55 -0800
> From: "Daniel Sichel" <daniels@...derosatel.com>
> Subject: [Full-Disclosure] Terminal Server vulnerabilities
> To: <full-disclosure@...ts.netsys.com>
> Message-ID:
> 	<190DFDD2F99A65469B4B15D3658C0D2BC5A495@...6.ponderosatel.com>
> Content-Type: text/plain;	charset="us-ascii"
> 
> I am currently locked in a death struggle with Microsoft's server
> product group. They have dropped support for the IAS (RADIUS) mmc in
> server 2003 and the 2000 version won't work under XP SP2. Their solution
> is to user terminal server to control the server remotely to manage
> RADIUS. Naturally  I don't like this answer because of horror stories I
> have heard about Terminal server. They claim there are no unfixed
> vulnerabilities to Terminal Server on Windows Server 2000 Service Pack
> 4. 
> 
> I find that hard to believe and I know you guys will know if they are
> full of it, or they are correct. Please let me know ASAP of any CURRENT
> vulnerabilities int Terminal Server.
> 
> Dan Sichel
> Network Engineer
> Ponderosa Telephone
> daniels@...derosatel.com (559) 868-6367
>  
> P.S. the MMC is worse, it requires that port 139 or 445 be opened, but
> that is not the point, I suspect they are feeding me a line and I want
> to prove it. Thanks.
> 

Dan,

Try here for starters:
http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8
(2,310 results)

Then pick one and try it out...
-- 

Cheers,

Dan
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ