| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2005 13:22:38 -0800 (PST) From: Tom Ferris <tommy@...urity-protocols.com> To: Dave Korn <davek_throwaway@...mail.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability Retina can do remote registry, and file version checks with the proper credentials. So more than likely, its doing a registry check for the hotfix. Tom Ferris Researcher www.security-protocols.com Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78 On Tue, 13 Dec 2005, Dave Korn wrote: > Joshua Russel wrote in > news:7a282fc30512131028g40d65517k2254283bfecec6db@...l.gmail.com >> It is a local vulnerability, then how does Retina claims to scan it >> remotely? > > Well, at a guess.... > >> On 12/13/05, Advisories <Advisories@...e.com> wrote: > >>> Systems Affected: >>> Windows NT 4.0 >>> Windows 2000 > >>> Beginning with Windows XP, KeFlushQueueApc contains a code fix that >>> resolves this vulnerability. > > ... it just looks to see if the O/S is XP/2K3 or NT/2K. > > cheers, > DaveK > -- > Can't think of a witty .sigline today.... > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists