NT IBM Netfinity远程控制软件中的漏洞

漏洞信息详情

NT IBM Netfinity远程控制软件中的漏洞

• CNNVD编号：CNNVD-199905-044
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1414
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  1999-05-25
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  ibm
• 漏洞来源：
  This vulnerability…

IBM Netfinity 远程控制中存在漏洞。本地用户通过启动运行在系统级权限下的进程管理器中的程序获得管理员权限。

Do not run the IBM Remote Control Software application or client modules on your NT hosts.
IBM will be releasing a patch for this vulnerability. In the meantime, IBM suggests:
Set NTFS LIST permissions over the WNETFIN directory. This will prevent users from executing the Netfinity Manager Services.
Use Netfinity Security Manager to restrict access to Process Manager and Remote Session.
Configure the Netfinity Manager Services to start with a non-administrator level user account.
Audit the activities of the service-user account.
Do not install Netfinity Manager Services on client machines. Only install Client Services for Netfinity Manager on client machines.
Prevent the installation of Process Manager and Remote Session by editing the INSTALL.INI file.

来源: NTBUGTRAQ
名称: 19990609 IBM’s response to “Security Leak with IBM Netfinity Remote Control Software
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2

来源: NTBUGTRAQ
名称: 19990525 Security Leak with IBM Netfinity Remote Control Software
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2

来源: BID
名称: 284
链接:http://www.securityfocus.com/bid/284