D
David Sherman
I use Vmware and Virtual PC to test operating systems. I have several
Operating system in Vmware 4.52. I have "shared folder" in my Virtual
PC session for Windows XP, service pack 2 and all the patches. The
shared folder is called whatever. It was created my right clicking on
the folder name in explorer.exe.
I can then open a Vmware session of Fedora Core 3 (Suse 9.3 and
Knoppix 3.8) and in the KDE konqueror program, I can then do a
smb:\\IP address of the windows Xp machine in Virtual PC. Konqueror
will display all my shares. The shares include C$, D$ and "whatever".
If I click on C$ or D$, I am asked for user name and password. If I
click on "whatever", I am not asked for user name and password. If I
open up a Windows 2000 session, I see the shares C$ and D$ and my
shared folder. I still am asked for user name and password when I
click on C$ and D$ but I am also asked for user name for the
"whatever" shared folder.
It seems to me that the permissions in the Shared Folders are
different in XP and Windows 2000. The security in XP is weaker than
Windows 2000.
All I need is a Linux box and nmap and do a warp drive session and
find all the IP addresses and do my damage.
Is this the way Windows XP was designed?
I asked security at Microsoft and here is their response:
For further assistance on this issue I'm going to direct you to
technical support. What I'm seeing below is not a vulnerability from
my point of view and technical support can help understand your
concern directly since email does not seem to be doing the trick.
Operating system in Vmware 4.52. I have "shared folder" in my Virtual
PC session for Windows XP, service pack 2 and all the patches. The
shared folder is called whatever. It was created my right clicking on
the folder name in explorer.exe.
I can then open a Vmware session of Fedora Core 3 (Suse 9.3 and
Knoppix 3.8) and in the KDE konqueror program, I can then do a
smb:\\IP address of the windows Xp machine in Virtual PC. Konqueror
will display all my shares. The shares include C$, D$ and "whatever".
If I click on C$ or D$, I am asked for user name and password. If I
click on "whatever", I am not asked for user name and password. If I
open up a Windows 2000 session, I see the shares C$ and D$ and my
shared folder. I still am asked for user name and password when I
click on C$ and D$ but I am also asked for user name for the
"whatever" shared folder.
It seems to me that the permissions in the Shared Folders are
different in XP and Windows 2000. The security in XP is weaker than
Windows 2000.
All I need is a Linux box and nmap and do a warp drive session and
find all the IP addresses and do my damage.
Is this the way Windows XP was designed?
I asked security at Microsoft and here is their response:
For further assistance on this issue I'm going to direct you to
technical support. What I'm seeing below is not a vulnerability from
my point of view and technical support can help understand your
concern directly since email does not seem to be doing the trick.