Full Disclosure mailing list archives
Re: Re: HTML Help API - Privilege Escalation
From: KF <dotslash () snosoft com>
Date: Sat, 25 Oct 2003 06:42:32 -0400
Sebastian Niehaus wrote:
> KF <dotslash () snosoft com> writes:
>
> [...]
>
>> I would relate this type of attack to a setuid program calling system("clear") while running as root on a unix machine. This does not mean that system() is flawed rather that when implementing this call you need to be more careful and drop your privs.
>
> Well, if you have a program to be run in suid mode, every Unix admin should be alerted. They are used to review the source code of this kind of stuff.

By the same token on a win32 machine when I hit ctrl alt del ... anything that says SYSTEM on it I usually take a quick peek at. There are plenty of win32 programs that run in a privileged mode. Rewording what you said .. every Winblows admin should be alert for SYSTEM level applications (be it a service or a desktop application).

> You won't be able to do this with your average windows junk...

Well there are not setuid applications in win32 but as I mentioned above there are apps that run with elevated priv levels. Heck look at shatter type attacks... In the win32 world that's about as close to a local attack (on unix) against a setuid binary.
-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
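Added example, not part of the original post: the setuid analogy above, written the careful way in C. Instead of calling system("clear") with elevated rights, the program drops its privileges, checks that the drop cannot be undone, and executes the helper directly with no shell. The function names, the /usr/bin/clear path and the environment values are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges; 0 on success, -1 on failure. */
static int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid is dropped we may not be allowed to change it. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining the old ids must fail. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Run a fixed helper with no shell: absolute path, fixed argv, constructed
 * minimal environment. Returns the helper's exit status, or -1 on error. */
static int run_helper(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "TERM=dumb", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);              /* refuse to run the helper privileged */
        execve(path, argv, clean_env);
        _exit(127);                  /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "clear", NULL };  /* assumed install path below */
    return run_helper("/usr/bin/clear", argv) == 0 ? 0 : 1;
}
```

The verification step matters when the binary is setuid to a non-root account: there setuid() leaves the saved set-user-ID in place, the check detects that the old effective uid can be regained, and the helper is not run.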