Full Disclosure mailing list archives
RE: Multiple WinXP kernel vulns can give user mode programs kernel mode
From: omg () wired ie
Date: Thu, 19 Feb 2004 15:23:58 -0000 (GMT)
Alun Jones spouted this
These are not vulnerabilities at all. This is how the SeDebugPrivilege is supposed to work.
No its not. This could be used for bypasses host based IDS for one thing, I think thats pretty useful from an attackers point of view no? Theres quite a few prodcuts that try and protect the NT kernel from modification by hooking the SCM calls and NtSetSystemInformation(and \\device\physicalmemory of course) so that you cant load a .sys file. Also this allows you to modify the kernel without having a .sys file which is kinda cool. Its more informative than the 'gayer than aids' thread anyway _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Multiple WinXP kernel vulns can give user mode programs kernel mode omg (Feb 19)