Full Disclosure mailing list archives
RE: Terminal Server vulnerabilities
From: "Stuart Fox \(DSL AK\)" <StuartF () datacom co nz>
Date: Fri, 28 Jan 2005 09:27:39 +1300
But I would point out something much more important : there are many more local exploits than remote (on Windows just like any other OS). Local exploits : about 1-2 a month * POSIX - OS/2 subsystem exploitation * Debugging subsystem exploitation (DebPloit) * 16-bit subsystem exploitation (NTVDM) * Shatter Attacks * Etc. Remote exploits : about once a year * RPC/DCOM (blaster) * LSASS (sasser) Basically, if you are logged in as an unpriviledged user on a Terminal Server, you can easily become SYSTEM. If this Terminal Server is also a Domain Controller, game over.You forgot one important factor - the use of IE and Outlook for the fast direct-to-customer delivery of local exploits. Which *also* results in a Game Over....
Assuming that the IE/Outlook bugs are privilege escalation bugs. There seem to be relatively few of those - all of the recent ones have given you credentials of the local user, not localsystem (or even admin).
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Terminal Server vulnerabilities, (continued)
- Re: Terminal Server vulnerabilities Nicolas RUFF (lists) (Jan 27)
- Re: Terminal Server vulnerabilities Valdis . Kletnieks (Jan 27)
- Re: Terminal Server vulnerabilities Daniel H. Renner (Jan 24)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Terminal Server vulnerabilities offtopic (Jan 25)
- RE: Re: Terminal Server vulnerabilities Mark Senior (Jan 25)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Re: Terminal Server vulnerabilities Valdis . Kletnieks (Jan 25)
- RE: Re: Terminal Server vulnerabilities Larry Seltzer (Jan 25)
- Re: Terminal Server vulnerabilities larry_seltzer_is_a_fraud (Jan 26)
- RE: Re: Terminal Server vulnerabilities Bob the Builder (Jan 26)
- RE: Terminal Server vulnerabilities Stuart Fox (DSL AK) (Jan 27)
- Re: Terminal Server vulnerabilities Nicolas RUFF (lists) (Jan 27)