Security Incidents mailing list archives

Nimda - Local Privilege escalation?


From: ross_bushby () cardinal co uk
Date: Wed, 19 Sep 2001 13:23:50 +0100

Hi,

   As I understand it, the Unicode vulnerability allows the attacker to run
commands under the IUSR_Machine context.
My question is this: given that Nimda attempts to add the user Guest to the
local administrators group, it must also perform some sort of local
privilege escalation, as this operation would not be possible by the
IUSR_machine account.

Does this make sense, or am I missing something?

Regards,

 Ross.

-
Ross Bushby
Network Security Consultant
Real Solutions.                                     Tel:0208 3914080
Units B&C, Oakcroft Business Centre,  Fax:0208 391 4081
Oakcroft Rd, Chessington        Web:http://www.cardinal.co.uk
Surrey, KT9 1RH           E-mail: Ross_bushby () cardinal co uk


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

