[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] LSASS.EXE Remote Buffer Overflow Investigation
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] LSASS.EXE Remote Buffer Overflow Investigation
- From: "Jeff Schreiner" <techlist@xxxxxxxxx>
- Date: Wed, 14 Apr 2004 18:32:30 -0500
Are any of your server boxes domain controller? DCPROMO.LOG will only be
created after a Windows Server OS is promoted to a domain controller.
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Richard
Maudsley
Sent: Tuesday, April 13, 2004 9:55 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] LSASS.EXE Remote Buffer Overflow Investigation
Hello list,
Regarding [Full-Disclosure] EEYE: Windows Local Security Authority Service
Remote Buffer Overflow
(http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1994.html).
None of my systems (XP Pro, 2K, 2K3 Server) had this log file
("DCPROMO.LOG") in their %WINDOWS%\Debug directorys. I'm guessing this is
because the logging functions have never been called.
How is this (and the other affected commands) executed remotly?
Thanks,
-Rich
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html