Message-ID: <416DEEC5.4050500@secnetops.com>
From: kf_lists at secnetops.com (kf_lists)
Subject: EEYE: Windows VDM #UD Local Privilege Escalation

Who says that the attacker has to try to get local access? I am sure you 
have several potential attackers sitting around you right now (if you 
are reading this in an office building)? How is ISS going to stop 
someone from sitting down and logging into a machine they are supposed 
to have local user level access to (and why would they for that matter)? 
Just because they are protecting me remotely does not mean they should 
neglect me locally.  I will use a general office setting as an example: 
I have multiple individuals that need local access to their PCs, they 
do not however need access at an administrative level. Users are not 
allowed to install software or modify any system settings. I have this 
wonderful firewall application protecting the machines from remote 
exploitation and spyware. The local office geek has figured out he can 
right-click on the tray icon and bypass all local restrictions on the 
machine. What's wrong with this picture?

*flame on*

-KF


David Maynor wrote:

>It's not that ISS doesn't feel like it's a problem, it's just when you
>let an attacker get to the point where they could run a local attack
>it's game over. ISS's goal is to stop the attacker from getting close
>enough to execute a local attack.
>
>
>On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists <kf_lists@...netops.com> wrote:
>
>>ISS would like to have you believe otherwise...  when I contacted them
>>about the Local SYSTEM escalation in BlackICE we went in circles over
>>the fact that I feel that taking local SYSTEM on a win32 box IS a
>>problem and they don't. They tried to say some crap like "in all our
>>years in the industry we have never had a customer state that local
>>windows security was a concern... blah blah (paraphrasing)". And
>>something along the lines of "Windows is not a true multi-user system
>>(like unix) so local escalation means nothing."
>>
>>-KF
>>
>>
>>
>>>Also, at least in MS Windows, it's my personal feeling that local
>>>privilege escalation issues (particularly escalation to kernel or system
>>>status) should be critical issues.  Whether people can run arbitrary
>>>code on MS Windows systems these days isn't an exercise for the mind
>>>anymore, it's an exercise of "go look at your neighbor's computer and see
>>>that it's done regularly".

