lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun Feb 12 18:46:13 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Privilege Scalation for Windows Networks using
	weak Service restrictions v2.0 exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Andres Tarasco wrote:
> Proof of concept of Sudhakar Govindavajhala and Andrew Appel paper
> (http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf) Running
> as an unprivileged user you can test if your services are
> vulnerable and can be used to install a backdoor. Both source code
> and binary included *Microsoft advisory:
> http://microsoft.com/technet/security/advisory/914457.mspx*
>
> *SrvCheck v2.0 is able to perform this checks remotely using for
> example domain user credentials* *Here is a short list of Known
> vulnerable services under XP sp2:*
>
> *- Advanced User: * service: DcomLaunch ( SYSTEM ) Service:
> UpnpHost ( Local Service ) Service: SSDPSRV (Local Service) *-
> User: * Service: UpnpHost ( Local Service ) Service: SSDPSRV (Local
> Service) *- Network Config Operators:* service: DcomLaunch ( SYSTEM
> ) Service: UpnpHost ( Local Service ) Service: SSDPSRV (Local
> Service) Service: DHCP ( SYSTEM ) Service: NetBT (SYSTEM - .sys
> driver) Service DnsCache (SYSTEM)

but ms put

*Is this a security vulnerability that requires Microsoft to issue a
security update?*
Microsoft is still investigating this issue. Customers who have
installed Windows XP Service Pack 2 and Windows Server 2003 Service
Pack 1 are not affected by this issue.




??
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ++CaK+LRXunxpxfAQIKgRAA3v7vc+8wGM+qFS73NmYtvsYpBPgfjRUo
ph7vPpvZd8gNVCGHPhES8DHvER+a4h5wzqSOBjBgwhuWFqlFPRlKxsXsM0+s4Qza
PfLyJ6aMFqqxEfDBA6KxHJxtvOAX8uwj4PBLhIqH51pP5U6qziU7RbRf4i2yvWsG
jm/ArJGmiKSgRYwJmOHnVZSxXm/Ivd4+FcBe8MqaCmYCm0qeOi/8w2uZ5rl4/uTw
IfM/5HWxBCwcujUNzVg6/xcTiB+d/Ve6TtI/+MLbtmxBiyYVP5rJtWsYexy1Gt97
lheOZJbsmF30SQh+UcWh2dDHVl3ToDcaVWA+5z8LKVsqefqMesi6Fm/tVn4pEU2M
9Bdro0TtrdtridlFDmeTU5594aQFR+V+q1m8eVb7osEbgEdsS1QZC7e9ulfMCAIJ
fI6a/6VPMyjuuYlK0vMHLEpTPbZCgSqG+XaWMM7qX8FkqTymQjPAk0JRjriV8MC5
eB3lV0C+0VHqke+yvXwQMD4pudb1+kNiB4rd/66Y/1d+Soe3O3E31/piOvKIHrxS
wNZmssBVCFuxcoS8sbhh7H8LKE7uu+4q+Vc/J23orPna4lKfQvYQvxKfz8qoNGwb
Aui67vNRxRbYfPJNG7MCRQaRgBIbgAE6n2gRBzR+lSQvrAsa0EpxMPanquD4Rm0k
FFyMk03Essg=
=hRrT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ