Full Disclosure mailing list archives

::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 19 Feb 2004 14:09:09 +0300


--- Begin Message ---
Dear first last,

--Thursday, February 19, 2004, 1:15:20 AM, you wrote to full-disclosure () lists netsys com:

fl> There exist several vulnerabilities in one of Windows XP kernel's native API
fl> functions which allow any user with the SeDebugPrivilege privilege to
fl> execute arbitrary code in kernel mode, and read from and write to any memory
fl> address, including kernel memory.

SeDebugPrivilege allows you to change the execution flow of any process or
kill any process (for example the security subsystem or any RPC server).
This privilege is enough to compromise the system in a thousand ways by
design. By default only Administrators have this privilege.

-- 
~/ZARAZA
Electric shocks are very useful for building character. (Lem)


--- End Message ---
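The reply above rests on one check a practitioner would want to run: who actually holds SeDebugPrivilege on a given box. The following PowerShell script is an added example, not part of 3APA3A's message or the original advisory. It exports the local User Rights Assignment with secedit, resolves the SIDs listed for SeDebugPrivilege, and flags anything other than BUILTIN\Administrators (S-1-5-32-544), which is the default the reply describes. It assumes an elevated prompt (secedit needs it), that secedit.exe is present (it ships with every supported Windows), and uses a temporary file path of its own choosing.

```powershell
# Added example (not from the original post): audit which accounts hold
# SeDebugPrivilege on the local machine. Run from an elevated prompt.
$cfg = Join-Path $env:TEMP 'secpol-userrights.inf'   # assumed scratch path
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The export is an .inf file; the line of interest looks like:
#   SeDebugPrivilege = *S-1-5-32-544
$line = Get-Content $cfg | Where-Object { $_ -match '^SeDebugPrivilege\s*=' }
Remove-Item $cfg -Force -ErrorAction SilentlyContinue

if (-not $line) {
    Write-Output 'SeDebugPrivilege is not assigned to any account.'
    return
}

# Right-hand side is a comma-separated list of *SID (or, rarely, plain names).
$principals = ($line -split '=', 2)[1].Trim() -split ',' |
    ForEach-Object { $_.Trim().TrimStart('*') } |
    Where-Object { $_ }

$defaultSid = 'S-1-5-32-544'   # BUILTIN\Administrators

foreach ($p in $principals) {
    if ($p -match '^S-1-') {
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier $p
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = '<unresolvable SID>'
        }
    } else {
        $name = $p          # already a name, no SID to resolve
    }
    # Anything beyond the default Administrators group is a de-facto
    # administrator and deserves a closer look.
    $flag = if ($p -eq $defaultSid) { 'default' } else { 'NON-DEFAULT' }
    '{0,-12} {1,-22} {2}' -f $flag, $p, $name
}

# For completeness, show whether the *current* token carries the right and
# whether it is currently enabled (Disabled is still a holder of the right).
whoami /priv | Select-String 'SeDebugPrivilege'
```

Any NON-DEFAULT line (a service account, a helpdesk group, a developer's user) means that account can open every process with full access, and as the reply notes, that is equivalent to administrative control of the machine whether or not the kernel bugs in the advisory are present.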
