Message-ID: <g8pcdbo35bz56ba.250120050626@shayndel>
From: larry at larryseltzer.com (Larry Seltzer)
Subject: Re: Terminal Server vulnerabilities
>>> [MS] claim there are no
>>> unfixed vulnerabilities to Terminal Server on Windows Server 2000
>>> Service Pack 4.
>>>
>>> I find that hard to believe and I know you guys will know if they are
>>> full of it, or they are correct. Please let me know ASAP of any
>>> CURRENT vulnerabilities in Terminal Server.
>>Try here for starters:
>>http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8
>>(2,310 results)
Just as I figured. Based only on the first 25 or so, all of the real
exploits discussed are patched and the vast majority of them apply to
Windows NT 4.0 Terminal Server. The original poster asked about
"CURRENT" vulnerabilities.
The one remaining issue I remembered is on this page
(http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=Microsoft_Terminal_Server.html&fact_color=doc&tag=),
which is also a good
collection of vulnerabilities in general. It is a man-in-the-middle
attack that could allow an attacker, using a collection of techniques
including IP spoofing, to recover the original plaintext session. RDP,
the Terminal Server protocol, is encrypted by default. The worst thing
you have to do to work around this is to use a VPN, but considering what
they would recover is RDP data (mouse moves, key clicks, GDI elements,
etc.) I consider this a relatively high-overhead attack.
Your Windows Terminal Server is much more likely to be vulnerable to
a problem in Windows than one specifically in Terminal Server, which has
a very good security history.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@...fdavis.com