lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 19 Feb 2004 14:32:01 +0000
From: "first last" <randnut@...mail.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: RE: Multiple WinXP kernel vulns can give user mode programs kernel mode
 privileges


>From: "Alun Jones" <alun@...is.com>
>Umm... yes.  And?
>
>May I quote from the Windows 2000 Server Resource Kit?
>
>"Debug programs
>"(SeDebugPrivilege)
>"Allows the user to attach a debugger to any process. This privilege
>provides access to sensitive and critical operating system components.
>By default, this privilege is assigned to Administrators."

Where in that quote does it say that NtSystemDebugControl() doesn't check 
user pointers, and allows you direct hardware access? This advisory is about 
2 pointer bugs in NtSystemDebugControl() and what you can do with the help 
of NtSystemDebugControl().

>The user is also capable of injecting code into other processes of any 
>kind,
>so could install a device driver whether or not he was an administrator.

Yes, I'm well aware of that. But that's old news.

_________________________________________________________________
Store more e-mails with MSN Hotmail Extra Storage  4 plans to choose from! 
http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists