lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030404214144.29820.qmail@www.securityfocus.com>
Date: 4 Apr 2003 21:41:44 -0000
From: Pavel <hiddenrecipient@...il.com>
To: bugtraq@...urityfocus.com
Subject: LocalSystem account in Windows 2000/XP




Hello everybody,

Here is a couple of my observations on Windows 2000/XP LocalSystem account.

Originally (NT4) the paradigm of this account was declared by MS as the 
following:

1. This account doesn't require athentication on the local computer.
2. It has unlimited rights on the local computer.
3. No network resources can be accessed using this account.

Now, that's what we see in Windows 2000:

1. LocalSystem is still the main account under which the most of system 
services run.
2. LocalSystem has unlimited privileges on Active Directory objects. It is 
true for all of the partitions located in the AD database. So, any process 
running under LocalSystem on any of domain controllers can easily crash 
the whole forest just by erasing Schema or Configuration objects. And that 
becomes not funny, you need to control every single backup operator as 
well as patch thoroughly every single buffer overflow vulnerabilities in 
system services and apps.
3. Here is another surprise coming. Now the LocalSystem account is able to 
access other computer's shared resources. Basically, its rights are equal 
to ones of "Users" or "Domain Users". So you don`t need to be 
authenticated by domain at all to access domain resources shared 
for "Users" only.

Has anything changed in Microsoft's vision of the System account?
What are documented security features of this account?

Thanks



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ