RSHSVC included in Windows NT 3.5x and Windows 4.0 Resource Kit Poses Security Leak (158320)
The information in this article applies to:
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0
This article was previously published under Q158320 SYMPTOMS
Although the RSHSVC utility included in the Windows NT Server Resource Kit
uses the .Rhosts file for the Account Level Equivalence (ALE) security,
RSHSVC does not do the ALE security check as is explicitly specified in the
Rshsvc.txt or Rshsvc.htm files, therefore it poses a security leak or hole.
STATUS
Microsoft has confirmed this to be a problem in NT version 3.5x/4.0 and we
are researching this problem and will post new information here in the
Microsoft Knowledge Base as it becomes available.
REFERENCES- Rshsvc.txt or Rshsvc.htm coming with the Rshsvc.exe and .DLL file in the
Windows NT Resource Kit.
- Essential System Administration, O'Reilly & Assoc, 2nd Ed., Chapter 13
Network Security, Pages 622-623.
- UNIX Network Programming, W. R. Stevens, Prentice Hall, Chapter 9
Security, Pages 421-424
Modification Type: | Major | Last Reviewed: | 5/14/2003 |
---|
Keywords: | kbbug kbnetwork KB158320 |
---|
|