Bugtraq mailing list archives

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

From: eugeny gladkih <john () drweb com>
Date: Tue, 05 Dec 2006 22:16:45 +0300

"MS" == Michael Scheidell <scheidell () secnap net> writes:

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process


 MS> Wouldn't you have to be administrator to kill shstart.exe?

LocalSystem account has more privilegies then administrator's one.

-- 
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com

Current thread:

Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team (Dec 04)
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 05)
  - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley (Dec 05)
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God) (Dec 05)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 06)