[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities
From: Jonathan Rickman <jrickman@xxxxxxxxx>
Date: Wed, 26 Jan 2005 11:50:42 -0500

On Tue, 25 Jan 2005 14:38:30 -0600, Curt Purdy <purdy@xxxxxxxxxx> wrote:

> The problem with terminal server is not any vulnerablities that can be
> exploited, but the fact that administrator can be bruteforced (6 attempts
> followed by reconnect) and that it is screaming its existence on port 3889.
> If you use it, definitely change the port in the registry.

You can use the local security policy to prevent administrators from
logging in via terminal services and then enable "run as" for
administrative tasks...which should be done anyway. Changing the port
number is another good step though.

--
Jonathan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Terminal Server vulnerabilities
  - From: Daniel Sichel
- RE: [lists] [Full-Disclosure] Terminal Server vulnerabilities
  - From: Curt Purdy

Prev by Date: [Full-Disclosure] Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers
Next by Date: [Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
Previous by thread: Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities
Next by thread: Re: [Full-Disclosure] Terminal Server vulnerabilities
Index(es):
- Date
- Thread