Full Disclosure mailing list archives
WINDOWS XP software restriction policy [path rule] bypass...
From: bipin gautam <visitbipin () yahoo com>
Date: Sun, 28 Sep 2003 00:31:49 -0700 (PDT)
/this is my temporary email add. as my old server is getting a huze dDOS! hopefully, soon within few days i'll be using my old email address./ alternate email: bipin () focus org np [Bipin Gautam ] --- you could cc: the responce of my last email here as well... ------------------------------------------------------------------------------------------ WINDOWS XP software restriction policy [path rule] bypass... Risk level: LOW - Medium ---DESCRIPTION--- With software restriction policies, you can protect your computer environment from UN trusted code by identifying and specifying which applications are allowed to run. The applications can be identified in policy through a specified path creating a rule. The administrator can extensively control the rights of the users/applications through path rule. But under certain circumstances windows xp fails to block a application from executing from the particular directory even if the path rule of a directory is ../*.* [disallowed] But surprisingly, I was only able to execute the file from a restricted directory that was in FAT file system. [Doesn't seem to work in NTFS] ---[EXPLOIT]--- Excludable files could be run from the restricted directory. [Path rule restriction] http://www.geocities.com/visitbipin/ms.zip Create a path rule say, ../*.* [disallowed] to your desktop and reboot your computer. Well, now windows will not allow to you to execute any common excludable from your desktop. Copy the "CTR trouble!.COM" & "safe.EXE" to your desktop and try executing it. Well, surprisingly windows will allow you to execute the files. [JUST AN EXAMPLE] --[Background Information]-- The bug was originally discovered by hUNT3R, [myself] a member of 01 Security Submission. The vendor was notified via email. http://www.ysgnet.com/hn __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly), (continued)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) Michael Scheidell (Sep 29)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) George Capehart (Sep 29)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) Michael Scheidell (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 28)
- RE: CyberInsecurity: The cost of Monopoly Joe (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Joe (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Joe (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski (Sep 28)
- WINDOWS XP software restriction policy [path rule] bypass... bipin gautam (Sep 28)
- RE: CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Jeremiah Cornelius (Sep 28)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly morning_wood (Sep 30)
- Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 30)
- More on Dan Geer Stormwalker (Sep 30)
- Re: More on Dan Geer madsaxon (Sep 30)