[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Terminal Server vulnerabilities

To: <Valdis.Kletnieks@xxxxxx>, "Nicolas RUFF (lists)" <ruff.lists@xxxxxxxxxx>
Subject: RE: [Full-Disclosure] Terminal Server vulnerabilities
From: "Stuart Fox (DSL AK)" <StuartF@xxxxxxxxxxxxx>
Date: Fri, 28 Jan 2005 09:27:39 +1300

>> But I would point out something much more important : there are many
>> more local exploits than remote (on Windows just like any other OS).
>>
>> Local exploits : about 1-2 a month
>> * POSIX - OS/2 subsystem exploitation
>> * Debugging subsystem exploitation (DebPloit)
>> * 16-bit subsystem exploitation (NTVDM)
>>* Shatter Attacks
>> * Etc.
>>
>> Remote exploits : about once a year
>> * RPC/DCOM (blaster)
>> * LSASS (sasser)
>>
>> Basically, if you are logged in as an unpriviledged user on a Terminal
>> Server, you can easily become SYSTEM. If this Terminal Server is also a
>> Domain Controller, game over.
>
>You forgot one important factor - the use of IE and Outlook for the fast
>direct-to-customer delivery of local exploits.  Which *also* results in
>a Game Over....
 
Assuming that the IE/Outlook bugs are privilege escalation bugs.  There seem to 
be relatively few of those - all of the recent ones have given you credentials 
of the local user, not localsystem (or even admin).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities
Next by Date: [Full-Disclosure] Re: Full-Disclosure Digest, Vol 2, Issue 58
Previous by thread: Re: [Full-Disclosure] Terminal Server vulnerabilities
Next by thread: [Full-Disclosure] MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities
Index(es):
- Date
- Thread