| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 May 2014 19:46:15 +0200
From: Reindl Harald <h.reindl@...lounge.net>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes
rogue binary C:\Program.exe
Am 21.05.2014 19:39, schrieb Tavis Ormandy:
> 1. The users who do not have Administrator privileges; These users
> cannot exploit this issue, because they can't write to C:\
> 2. The users who do have Administrator privileges. These users can
> write to C:\, but why bother, they're already Administrators?
you just don't understand the problem
creating "C:\Program.exe" with whatever permissions should
not lead in any random installer ist executing that
> Of course, this changes if someone can demonstrate how to create
> C:\Program.exe without Administrator access
you just don't understand the problem
the existence of "C:\Program.exe" must not have any bad affect
for any random installer not intending to execute this and
the fact a installer executes that because it simply exists
shows a *general flaw* in that installer
Download attachment "signature.asc" of type "application/pgp-signature" (247 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists