lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.63.0512131319460.3140@secpro.servermatrix.com>
Date: Tue Dec 13 21:18:48 2005
From: tommy at security-protocols.com (Tom Ferris)
Subject: Re: [EEYEB-20050523] Windows Kernel APC
	Data-FreeLocal Privilege Escalation Vulnerability

Retina can do remote registry, and file version checks with the proper 
credentials.  So more than likely, its doing a registry check for the 
hotfix.

Tom Ferris
Researcher
www.security-protocols.com
Key fingerprint = 0DFA 6275 BA05 0380 DD91  34AD C909 A338 D1AF 5D78

On Tue, 13 Dec 2005, Dave Korn wrote:

> Joshua Russel wrote in
> news:7a282fc30512131028g40d65517k2254283bfecec6db@...l.gmail.com
>> It is a local vulnerability, then how does Retina claims to scan it
>> remotely?
>
>  Well, at a guess....
>
>> On 12/13/05, Advisories <Advisories@...e.com> wrote:
>
>>> Systems Affected:
>>> Windows NT 4.0
>>> Windows 2000
>
>>> Beginning with Windows XP, KeFlushQueueApc contains a code fix that
>>> resolves this vulnerability.
>
> ... it just looks to see if the O/S is XP/2K3 or NT/2K.
>
>    cheers,
>      DaveK
> -- 
> Can't think of a witty .sigline today....
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ