| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <EFEDB05BD6D3904BA5A595FB322BB4FF1CC701@dnzakex1.datacom.co.nz> From: StuartF at datacom.co.nz (Stuart Fox (DSL AK)) Subject: Terminal Server vulnerabilities >> But I would point out something much more important : there are many >> more local exploits than remote (on Windows just like any other OS). >> >> Local exploits : about 1-2 a month >> * POSIX - OS/2 subsystem exploitation >> * Debugging subsystem exploitation (DebPloit) >> * 16-bit subsystem exploitation (NTVDM) >>* Shatter Attacks >> * Etc. >> >> Remote exploits : about once a year >> * RPC/DCOM (blaster) >> * LSASS (sasser) >> >> Basically, if you are logged in as an unpriviledged user on a Terminal >> Server, you can easily become SYSTEM. If this Terminal Server is also a >> Domain Controller, game over. > >You forgot one important factor - the use of IE and Outlook for the fast >direct-to-customer delivery of local exploits. Which *also* results in >a Game Over.... Assuming that the IE/Outlook bugs are privilege escalation bugs. There seem to be relatively few of those - all of the recent ones have given you credentials of the local user, not localsystem (or even admin). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050128/916ebd2f/attachment.html
Powered by blists - more mailing lists