lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <002e01c1b9a1$c15bb2d0$24029dd9@tuborg>
From: kain at ircop.dk (Knud Erik Højgaard)
Subject: [SCSA-004] Vulnerability in Microsoft Windows XP

Gr?gory Le Bras | Security Corporation wrote:
> .: Vulnerability in Microsoft Windows XP :.
..
> Security Corporation Security Advisory [SCSA-004]
[snip]
>
> A vulnerability was found allowing an user of a restricted session to
> have access to private files belonging to any user of the machine,
> also the administrators.
>
>
> EXPLOIT
> ________________________________________________________________________
>
> The exploit is very simple, it is enough to install a httpd Server
> such as ?Apache. Put them on the disc where Windows Microsoft is
> installed as resources of the server. Connect you to the following
> address: http://localhost/
> The index of the disc thus appears to the screen.
> You can then cross the directory /documents and Setting/ and so to
> reach the private files.

How do you define a 'restricted session'? Would a user in a restricted
environment set up by you be able to install apache, but not be able to
browse the files of other users?

Has the apache by any chance been installed as a service running with SYSTEM
privileges?

--
Knud


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ