Full Disclosure mailing list archives

RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges


From: "first last" <randnut () hotmail com>
Date: Thu, 19 Feb 2004 14:32:01 +0000

From: "Alun Jones" <alun () texis com>
Umm... yes.  And?

May I quote from the Windows 2000 Server Resource Kit?

"Debug programs
"(SeDebugPrivilege)
"Allows the user to attach a debugger to any process. This privilege
provides access to sensitive and critical operating system components.
By default, this privilege is assigned to Administrators."

Where in that quote does it say that NtSystemDebugControl() doesn't check user pointers, and allows you direct hardware access? This advisory is about 2 pointer bugs in NtSystemDebugControl() and what you can do with the help of NtSystemDebugControl().

The user is also capable of injecting code into other processes of any kind,
so could install a device driver whether or not he was an administrator.

Yes, I'm well aware of that. But that's old news.
