Full Disclosure mailing list archives
Re: Privilege Scalation for Windows Networks using weak Service restrictions v2.0 exploit
From: Andres Tarasco <atarasco () gmail com>
Date: Mon, 13 Feb 2006 00:19:47 +0100
Hi,

Not all Windows versions are affected. The services listed below have been found on several pen-tests. As far as I know, the only way to know if your system is vulnerable to this issue is testing it with srvcheck, because I have found win2k server boxes, with all patches, with more than 20 vulnerable services. Why? Maybe admins... maybe an old FAT32 file system...

If your computer has a vulnerable service, just deploy an administrative template (.inf) with the right permissions (remove modify privileges for everyone/authenticated users/power users/... accounts).

regards,
Andres Tarasco

2006/2/12, ad () heapoverflow com <ad () heapoverflow com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andres Tarasco wrote:
> > Proof of concept of Sudhakar Govindavajhala and Andrew Appel paper
> > (http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf)
> >
> > Running as an unprivileged user you can test if your services are vulnerable and can be used to install a backdoor. Both source code and binary included
> >
> > *Microsoft advisory: http://microsoft.com/technet/security/advisory/914457.mspx*
> >
> > *SrvCheck v2.0 is able to perform these checks remotely using for example domain user credentials*
> >
> > *Here is a short list of Known vulnerable services under XP sp2:*
> >
> > *- Advanced User:*
> > Service: DcomLaunch (SYSTEM)
> > Service: UpnpHost (Local Service)
> > Service: SSDPSRV (Local Service)
> >
> > *- User:*
> > Service: UpnpHost (Local Service)
> > Service: SSDPSRV (Local Service)
> >
> > *- Network Config Operators:*
> > Service: DcomLaunch (SYSTEM)
> > Service: UpnpHost (Local Service)
> > Service: SSDPSRV (Local Service)
> > Service: DHCP (SYSTEM)
> > Service: NetBT (SYSTEM - .sys driver)
> > Service: DnsCache (SYSTEM)
>
> but ms put
>
> *Is this a security vulnerability that requires Microsoft to issue a security update?*
> Microsoft is still investigating this issue. Customers who have installed Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not affected by this issue.
>
> ??
-- Loco de aTar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
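
A defender's check for the remediation described in the message above, as an added example that is not part of the original post or of SrvCheck: it parses a service security descriptor in SDDL form (as printed by `sc sdshow <service>`) and reports allow ACEs that give low-privilege groups modify-level rights. The function names and both sample descriptors are constructed for illustration.

```python
import re

# SDDL right aliases that let a trustee reconfigure or take over a service.
RISKY = {
    "DC": 0x00000002,  # SERVICE_CHANGE_CONFIG: can edit the service configuration
    "WD": 0x00040000,  # WRITE_DAC: can rewrite the service's permissions
    "WO": 0x00080000,  # WRITE_OWNER: can take ownership
    "GW": 0x40000000,  # GENERIC_WRITE: maps to SERVICE_CHANGE_CONFIG for services
    "GA": 0x10000000,  # GENERIC_ALL
}
# SDDL SID aliases of the low-privilege groups named in the thread.
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
            "PU": "Power Users", "NO": "Network Configuration Operators"}

DACL = re.compile(r"D:[A-Z_]*((?:\([^)]*\))+)")
ACE = re.compile(r"\(([^;]*);[^;]*;([^;]*);[^;]*;[^;]*;([^;)]*)\)")

def risky_rights(rights):
    """Risky rights in one ACE rights field (alias string or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(a for a, bit in RISKY.items() if mask & bit)
    return sorted(a for a in re.findall("..", rights) if a in RISKY)

def weak_aces(sddl):
    """(group, risky rights) for each allow ACE in the DACL that grants a
    low-privilege group modify-level access. The SACL is ignored, and deny
    ACEs are not evaluated, so review any hit by hand."""
    dacl = DACL.search(sddl)
    hits = []
    for ace_type, rights, sid in ACE.findall(dacl.group(1) if dacl else ""):
        found = risky_rights(rights)
        if ace_type == "A" and sid in LOW_PRIV and found:
            hits.append((LOW_PRIV[sid], found))
    return hits

# Constructed sample descriptors (not taken from a real host).
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)(A;;0xf01ff;;;PU)"
        "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
            "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for name, sddl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, weak_aces(sddl))
```

The audit ACE for Everyone in the SACL of both samples is deliberately not reported: it records access attempts and grants nothing.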