| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Jul 2008 12:46:43 -0700 From: Jim Harrison <Jim@...tools.org> To: "James C. Slora Jr." <james.slora@...a.com>, "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com> Subject: RE: Windows Vista Power Management & Local Security Policy You can't waste your time chasing things that "might lead to cats & dogs living together in sin". Specifically, there's no "privilege escalation" beyond that which began with "if I install..." It's pretty well understood that once you have the ability to place your own code on a machine, it's "game over". Don'tet me wrong; I think it's quite valid for someone to report something they feel is a vuln; even (or maybe even especially) if they can't demonstrate an exploit based on it. There have been plenty of reports herein and without that were actually proven by others. This is one of the things that makes open discussion so valuable. So far, no one has demonstrated an exploit that depends on this behavior _alone_. Jim ________________________________________ From: James C. Slora Jr. [james.slora@...a.com] Sent: Tuesday, July 22, 2008 8:15 AM To: bugtraq@...urityfocus.com Subject: RE: Windows Vista Power Management & Local Security Policy So is this the bottom line? This is a security mechanism bug that might lead to privilege escalation for arbitrary user processes. The OP has left it for others to determine exploitability.
Powered by blists - more mailing lists