Full Disclosure mailing list archives

RE: Multiple WinXP kernel vulns can give user mode programs kernel mode


From: omg () wired ie
Date: Thu, 19 Feb 2004 15:23:58 -0000 (GMT)

Alun Jones spouted this:

These are not vulnerabilities at all.  This is how the SeDebugPrivilege is
supposed to work.

No it's not.

This could be used for bypassing host-based IDS for one thing, I think
that's pretty useful from an attacker's point of view, no? There are quite a few
products that try and protect the NT kernel from modification by hooking
the SCM calls and NtSetSystemInformation (and \\device\physicalmemory of
course) so that you can't load a .sys file. Also this allows you to modify
the kernel without having a .sys file, which is kinda cool.

It's more informative than the 'gayer than aids' thread anyway.
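A defender-side check related to the point above, added here as an example and not part of the original post or thread: it lists which local accounts hold SeDebugPrivilege by exporting the User Rights Assignment area of the local security policy with secedit. The function name, the temp file path and the SID-to-name translation are my own choices, not anything described in the thread.

```powershell
# Added example (not from the original post): list which accounts hold
# SeDebugPrivilege on the local machine. Run from an elevated prompt.
# Function name, temp path and SID translation are assumptions of this example.
function Get-DebugPrivilegeHolders {
    $tmp = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the local security policy.
        & secedit.exe /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null
        if (-not (Test-Path $tmp)) { throw "secedit export failed (is the shell elevated?)" }

        # The exported .inf contains a line of the form
        #   SeDebugPrivilege = *S-1-5-32-544
        # where a leading '*' marks a raw SID and entries are comma separated.
        $line = Get-Content -Path $tmp | Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' }
        if (-not $line) { return @() }   # nobody holds the privilege

        $entries = ($line -split '=', 2)[1].Trim() -split ','
        foreach ($e in $entries) {
            $e = $e.Trim()
            if ($e.StartsWith('*')) {
                # Translate the SID to DOMAIN\Name where the account can be resolved.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($e.Substring(1))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '<unresolved>' }
                [pscustomobject]@{ Sid = $sid.Value; Account = $name }
            } else {
                # Already an account name rather than a SID.
                [pscustomobject]@{ Sid = $null; Account = $e }
            }
        }
    } finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

# The default assignment is Administrators only; any additional holder (service
# account, ordinary user) is worth a closer look, because the thread's point is
# that this privilege alone reaches kernel memory from user mode.
Get-DebugPrivilegeHolders | Format-Table -AutoSize
```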



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html