From: "Jesse Smythe"
To:
Subject: NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4
Date: Tuesday 11 September 2001 20:04

NetOp School is a program for screen broadcast and remote control of Windows 3.1x, Windows 9x, Windows NT and Windows 2000 PCs (including support for Windows 2000 Terminal Services and NT4 Terminal Server Edition) across NetBIOS, IPX and TCP/IP.

The problem arises in the way that NetOp handles non-authorised users. When NetOp School is installed on a local area network, full control of the network and all workstations can be taken. The method is as follows...

By default, when a user logs into a workstation, the student version of NetOp is run. If a user (student) attempts to execute the admin version of NetOp, the password dialog appears and the user needs to know that password to run the program.

The flaw is in the way the program reacts when the student version isn't running. For example, a student can use any type of task manager to kill the student version, and when he or she then opens the admin version, all security checks and password dialogs are bypassed. This gives the student or non-authorised user full access to any workstation logged in to the network. It also allows users to "spy" on anybody in the network.

This has huge implications for system administrators who need to protect data, and for students and teachers who require privacy.

This hole has been tested on the latest version, NetOp School version 1.5.

Regards
Jesse Smythe
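The sequence described above (student version stopped, admin version then started by a non-staff account) can be detected from process start/stop events. The following is an added example, not part of the original message or of NetOp: the executable names, the staff allow-list, the 30-minute window and the log format are all assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical image names: the advisory does not give the real executable names.
STUDENT_IMAGE = "student_module.exe"
TEACHER_IMAGE = "teacher_module.exe"
TEACHER_ACCOUNTS = {"teacher1"}      # assumed allow-list of staff accounts
WINDOW = timedelta(minutes=30)       # assumed correlation window

# Constructed sample process events: time, host, user, action, image.
SAMPLE_LOG = """\
2001-09-11T09:00:02 LAB-01 student7 start student_module.exe
2001-09-11T09:00:05 LAB-02 student9 start student_module.exe
2001-09-11T09:00:09 STAFF-01 teacher1 start teacher_module.exe
2001-09-11T09:14:40 LAB-01 student7 stop student_module.exe
2001-09-11T09:15:10 LAB-01 student7 start teacher_module.exe
2001-09-11T09:20:00 LAB-02 student9 start teacher_module.exe
"""

def parse(line):
    ts, host, user, action, image = line.split()
    return datetime.fromisoformat(ts), host, user, action, image.lower()

def find_suspect_launches(log_text):
    """Return alerts for admin-module starts by accounts outside the allow-list."""
    student_stopped = {}     # host -> time the student module last stopped
    student_running = set()  # hosts where the student module is currently up
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, user, action, image = parse(line)
        if image == STUDENT_IMAGE:
            if action == "start":
                student_running.add(host)
            elif action == "stop":
                student_running.discard(host)
                student_stopped[host] = ts
        elif image == TEACHER_IMAGE and action == "start":
            if user in TEACHER_ACCOUNTS:
                continue
            stopped = student_stopped.get(host)
            # "high": the student module was stopped shortly before, the
            # condition under which the advisory says the dialog is skipped.
            killed_first = (host not in student_running and stopped is not None
                            and ts - stopped <= WINDOW)
            alerts.append({"time": ts.isoformat(), "host": host, "user": user,
                           "severity": "high" if killed_first else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_launches(SAMPLE_LOG):
        print(alert)
```

A "medium" alert means the student module was still running, so per the advisory the password dialog should have appeared; it is still worth reviewing because the account is not on the staff list.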