Analysis of the Security of Windows NT
1 March 1999
7. Vulnerabilities
We have found several sites on the Internet that present programs exploiting flaws
that endanger the security of the NT operating system. In this section we will describe
some of these programs and use them in order to gain unauthorized access to, or
information from, an NT system. Together with the description of how each program works,
there is a description of how we intended to use the program and the reward we hoped
to get, as well as the results we actually got. At the end of this chapter, we have tried to
classify the weaknesses according to the taxonomy presented in [66].
7.1 Methodology
In this report, we try to find security problems within NT, and to prepare the ground for
further investigations. We have mainly concentrated on studying the relevant literature.
The sources of information are published books, Usenet newsgroups, mailing lists and
other material published on the Internet. Firstly, we tried to get a general view of how NT
is constructed and works. Secondly, we looked deeper into four areas of the system:
file system, account management, access control and networking. Thirdly, we tried to
find as many documented weaknesses as possible by searching the World Wide Web
(WWW) and newsgroups. All programs that we found were tested on our target system
to verify that they did indeed do what the authors claimed. In some cases certain
privileges were required. On those occasions, the program was tested both with and without
these privileges.
7.2 Experimental System
The target systems used to test the software have been standard PCs. Both Windows
NT 4.0 Workstation and Windows NT 4.0 Server versions of the operating system
have been used. The out-of-the-box configuration with Service Pack 3 (SP3) has been
used, unless explicitly stated otherwise. The network used has been a standard
10Base-T Ethernet network. The user profiles used have all been members of the standard user
group, except when special privileges have been needed. On those occasions we have
also tested them as Administrator.
7.3 Known Security Problems
There are a number of known security problems that are general and not specific to
the NT system. They are, however, interesting in this report since some of them do
appear in the NT operating system. We believe that the reasons for this are the
following: some of them were introduced by mistake (e.g. missing parameter checks), others
in order to meet the customers' demand for backward compatibility and flexibility
(e.g. foreign file systems), and some because they were not known at the time of
implementation (e.g. collisions in MD4). In the following paragraphs, we will describe
and explain some of these problems.
7.3.1 Installation Problems
Security weaknesses may be introduced in various stages, i.e. in the requirement
specification, in the design, in the implementation, or when the system is eventually