| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF16EB719BD@EX2010.hammerofgod.com> Date: Mon, 13 Dec 2010 20:17:39 +0000 From: "Thor (Hammer of God)" <thor@...merofgod.com> To: David Gillett <gillettdavid@...a.edu>, 'George Carlson' <gcarlson@...s.edu>, "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) You knew where I was going with that, and I know that YOU know all this, so I'll just leave that one alone :) t >-----Original Message----- >From: David Gillett [mailto:gillettdavid@...a.edu] >Sent: Monday, December 13, 2010 11:14 AM >To: Thor (Hammer of God); 'George Carlson'; bugtraq@...urityfocus.com; >full-disclosure@...ts.grok.org.uk >Subject: RE: [Full-disclosure] Flaw in Microsoft Domain AccountCachingAllows >Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as >Cached Domain Admin Accounts (2010-M$-002) > >If our users hadn't been local admins (not my choice), they would not have >been able to eject Domain Admins from the Local Admins group in the first >place.... > >David Gillett > >-----Original Message----- >From: Thor (Hammer of God) [mailto:thor@...merofgod.com] >Sent: Monday, December 13, 2010 10:49 >To: David Gillett; 'George Carlson'; bugtraq@...urityfocus.com; full- >disclosure@...ts.grok.org.uk >Subject: RE: [Full-disclosure] Flaw in Microsoft Domain AccountCachingAllows >Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as >Cached Domain Admin Accounts (2010-M$-002) > >You made all domain users local admin? Or did you do some sort of RUNAS in >the logon script? > >>-----Original Message----- >>From: David Gillett [mailto:gillettdavid@...a.edu] >>Sent: Monday, December 13, 2010 10:16 AM >>To: Thor (Hammer of God); 'George Carlson'; bugtraq@...urityfocus.com; >>full-disclosure@...ts.grok.org.uk >>Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account >>CachingAllows Local Workstation Admins to Temporarily Escalate >>Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) >> >>> If I take the domain admin out of my local administrators, they can't >>> do >>anything. Done. >> >> Back when I did AD/domain support, all domain user accounts got a >>profile that included a trivial script to re-add Domain Admins to the >>Local Admins group. So this kind of local removal shenanigans lasted >>only until the user next logged into the domain. >> >>David Gillett _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists