| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Feb 2004 14:32:01 +0000 From: "first last" <randnut@...mail.com> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges >From: "Alun Jones" <alun@...is.com> >Umm... yes. And? > >May I quote from the Windows 2000 Server Resource Kit? > >"Debug programs >"(SeDebugPrivilege) >"Allows the user to attach a debugger to any process. This privilege >provides access to sensitive and critical operating system components. >By default, this privilege is assigned to Administrators." Where in that quote does it say that NtSystemDebugControl() doesn't check user pointers, and allows you direct hardware access? This advisory is about 2 pointer bugs in NtSystemDebugControl() and what you can do with the help of NtSystemDebugControl(). >The user is also capable of injecting code into other processes of any >kind, >so could install a device driver whether or not he was an administrator. Yes, I'm well aware of that. But that's old news. _________________________________________________________________ Store more e-mails with MSN Hotmail Extra Storage – 4 plans to choose from! http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists