正文

NT IBM Netfinity远程控制软件中的漏洞

admin
admin V管理员 /0 评论 /10 阅读
1229
此篇文章发布距今已超过1232天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

NT IBM Netfinity远程控制软件中的漏洞

  • CNNVD编号:CNNVD-199905-044
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-1999-1414
  • 漏洞类型: 未知
  • 发布时间: 1999-05-25
  • 威胁类型: 本地
  • 更新时间: 2005-05-02
  • 厂        商: ibm
  • 漏洞来源: and was posted to NTBugtraq by Russ Cooper. NOTE: Althought the vulnerability was posted to NTBugtraq by Russ Cooper, Russ was not responsible for idenitfying the vulnerability.');">This vulnerability...

漏洞简介

IBM Netfinity 远程控制中存在漏洞。本地用户通过启动运行在系统级权限下的进程管理器中的程序获得管理员权限。

漏洞公告

Do not run the IBM Remote Control Software application or client modules on your NT hosts. IBM will be releasing a patch for this vulnerability. In the meantime, IBM suggests: Set NTFS LIST permissions over the WNETFIN directory. This will prevent users from executing the Netfinity Manager Services. Use Netfinity Security Manager to restrict access to Process Manager and Remote Session. Configure the Netfinity Manager Services to start with a non-administrator level user account. Audit the activities of the service-user account. Do not install Netfinity Manager Services on client machines. Only install Client Services for Netfinity Manager on client machines. Prevent the installation of Process Manager and Remote Session by editing the INSTALL.INI file.

参考网址

来源: NTBUGTRAQ 名称: 19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software 链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2 来源: NTBUGTRAQ 名称: 19990525 Security Leak with IBM Netfinity Remote Control Software 链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2 来源: BID 名称: 284 链接:http://www.securityfocus.com/bid/284

受影响实体

  • Ibm Netfinity_remote_control  
    <!--
    2000-1-1
    -->

补丁

    暂无