[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY12-F60vjkO22ZhCl00005e22@hotmail.com>
Date: Thu, 19 Feb 2004 14:32:01 +0000
From: "first last" <randnut@...mail.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: RE: Multiple WinXP kernel vulns can give user mode programs kernel mode
privileges
>From: "Alun Jones" <alun@...is.com>
>Umm... yes. And?
>
>May I quote from the Windows 2000 Server Resource Kit?
>
>"Debug programs
>"(SeDebugPrivilege)
>"Allows the user to attach a debugger to any process. This privilege
>provides access to sensitive and critical operating system components.
>By default, this privilege is assigned to Administrators."
Where in that quote does it say that NtSystemDebugControl() doesn't check
user pointers, and allows you direct hardware access? This advisory is about
2 pointer bugs in NtSystemDebugControl() and what you can do with the help
of NtSystemDebugControl().
>The user is also capable of injecting code into other processes of any
>kind,
>so could install a device driver whether or not he was an administrator.
Yes, I'm well aware of that. But that's old news.
_________________________________________________________________
Store more e-mails with MSN Hotmail Extra Storage – 4 plans to choose from!
http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists