| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501271550.j0RFos38027002@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Terminal Server vulnerabilities On Thu, 27 Jan 2005 09:00:39 +0100, "Nicolas RUFF (lists)" said: > But I would point out something much more important : there are many > more local exploits than remote (on Windows just like any other OS). > > Local exploits : about 1-2 a month > * POSIX - OS/2 subsystem exploitation > * Debugging subsystem exploitation (DebPloit) > * 16-bit subsystem exploitation (NTVDM) > * Shatter Attacks > * Etc. > > Remote exploits : about once a year > * RPC/DCOM (blaster) > * LSASS (sasser) > > Basically, if you are logged in as an unpriviledged user on a Terminal > Server, you can easily become SYSTEM. If this Terminal Server is also a > Domain Controller, game over. You forgot one important factor - the use of IE and Outlook for the fast direct-to-customer delivery of local exploits. Which *also* results in a Game Over.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050127/614854b1/attachment.bin
Powered by blists - more mailing lists