lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1969338217.20041125131908@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: MS Windows Screensaver Privilege Escalation

Dear Stuart Fox (DSL AK),

--Thursday, November 25, 2004, 7:13:28 AM, you wrote to mattofak@...il.com:

SFDA> Interesting when read in the context of this:

SFDA> http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech

It  was different problem and it was really security bug. Usually user's
screensaver  is executed with user's privileges. Under Windows NT if DOS
program  (for  example  command.com) was specified as screensaver it was
executed with SYSTEM privileges. It was bug and it was patched.

Logon  screensaver  is  screensaver  configured  for .DEFAULT user. Only
Administrators  can change screensaver options for this users. Yes, it's
executed  by  system  with SYSTEM privileges. By design, Power Users can
change  any  system file - it makes it possible for Power User to change
file  for  any system service, logon screensaver, etc. It's not security
bug, it's expected behaviour for Power User's group.

-- 
~/ZARAZA
???? ??? ?????? ??????, ??? ????????? ????? ?????. (???)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ