Analysis of the Security of Windows NT
1 March 1999
5.7.5 PPTP Filtering
5.8 Auditing
6. Utility Programs
6.1 Different Types of Utility Programs
6.1.1 Security Analysis Programs
6.1.2 Information Retrieval Programs
6.1.3 Maintenance programs
6.2 The Source Code Problem
7. Vulnerabilities
7.1 Methodology
7.2 Experimental System
7.3 Known Security Problems
7.3.1 Installation Problems
7.3.2 Collisions in MD4
7.3.3 Parameter Checks in System Calls
7.3.4 Undocumented System Variables and Functions
7.3.5 Plain-text Passwords over the Network
7.3.6 Non NTFS File Systems
7.3.7 System Initialization
7.4 Suggested Attacks
7.4.1 Weaknesses in SMB and Challenge/Response
7.4.2 Weaknesses in SMB Signing
7.5 Availability Attacks
7.5.1 NTCrash
7.5.2 Rollback
7.5.3 CPUHog
7.5.4 Teardrop
7.5.5 Teardrop2 (bonk and boink)
7.5.6 Land and LaTierra
7.6 Confidentiality Attacks
7.6.1 NTFSDOS
7.6.2 NTRecover (read-only version)
7.6.3 RedButton
7.7 Integrity Attacks
7.7.1 ERD Commander
7.7.2 NTRecover
7.7.3 NTLocksmith
7.7.4 GetAdmin
7.7.5 Password Cracking
7.8 Classification of weaknesses
8. NT versus UNIX with NFS and NIS
8.1 Security
8.2 UNIX versus NT
8.3 Intrusion comparison
8.3.1 Installation Problems
8.3.2 MD4 Collisions
8.3.3 Failed parameter checks on critical system calls
8.3.4 Undocumented system variables and functions
8.3.5 SMB challenge response
8.3.6 Plain text passwords over the network
8.3.7 Non NTFS file systems
8.3.8 System initialization problems
8.3.9 Teardrop/Teardrop2/Land/laTierra
8.3.10 NTCrash