
[Full-Disclosure] RE: Multiple WinXP kernel vulns can give user mode programs kernel mode



Alun Jones spouted this

> These are not vulnerabilities at all.  This is how the SeDebugPrivilege is
> supposed to work.

No, it's not.

This could be used for bypassing host-based IDS for one thing; I think
that's pretty useful from an attacker's point of view, no? There are quite
a few products that try to protect the NT kernel from modification by
hooking the SCM calls and NtSetSystemInformation (and
\\device\physicalmemory of course) so that you can't load a .sys file.
Also, this allows you to modify the kernel without having a .sys file,
which is kinda cool.

It's more informative than the 'gayer than aids' thread anyway.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html