Subject: reporting local security problems for WinNT (Re: Escalation of privileges)
From: Vladimir Dubrovin (vlad SANDY.RU)
Date: Tue Aug 08 2000 - 04:42:32 CDT
- Next message: maceo: "Re: Microsoft Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability"
- Previous message: TAKAGI, Hiromitsu: "Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)"
- In reply to: Chris Foster: "Escalation of privileges"
- Next in thread: David LeBlanc: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
- Next in thread: Mayers, Philip J: "Re: Escalation of privileges"
- Reply: Vladimir Dubrovin: "reporting local security problems for WinNT (Re: Escalation of privileges)"
- Reply: David LeBlanc: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello Chris Foster,
07.08.00 20:07, you wrote: Escalation of privileges;
C> 2. Browse to the root directory for the NAV installation and rename
C> navlu32.exe to navlu32.old. Create navlu32.exe that executes the command:
Another example: AVP users can easily obtain Control Center privileges
(Local System by default - these are admin privs) by trojaning
"C:\Program Files\AntiViral Toolkit Pro\avpcc.exe" - this program
starts as a service. It's also possible to operate in kernel mode via
C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS
According to MS recommendations, only the Administrators group should have
Write permission for the Program Files and WINNT directories. Otherwise a
user can easily trojan any executable, including system services. This
problem is not NAV specific, and this is a problem of poor
configuration, not a bug.
I think all troubles with WinNT local security must be reported for
the configuration described in
http://www.microsoft.com/technet/security/c2config.asp
because in the default configuration there are a lot of ways to break
local security for Windows NT via file and registry permissions.
Vladimir Dubrovin Sandy, ISP
Sandy CCd chief Customers Care dept
http://www.sandy.ru Nizhny Novgorod, Russia
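
The permission audit this message argues for, as an added example that is not part of the original post: a PowerShell check, for a current Windows system, that lists service executables and their parent folders carrying an Allow ACE with write-type rights for any principal outside a trusted set. The trusted SID list, the function name `Get-RiskyAce` and the choice of rights in the mask are assumptions of this example.

```powershell
# Added example: find service binaries (and their folders) that a non-admin can modify.
# Assumption: only these SIDs are trusted to change service code.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
# Rights that allow replacing, renaming or re-permissioning a file or folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Ask for SIDs rather than account names so the check is locale-independent.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # applies to children only
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path   = $Path
            Sid    = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights
        }
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_.Name
    # PathName is either a quoted path plus arguments, or an unquoted path plus arguments.
    if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        # Write access to the folder is enough to rename the binary and drop a new one.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            if (-not (Test-Path -LiteralPath $target)) { continue }
            try {
                Get-RiskyAce -Path $target |
                    Select-Object @{ n = 'Service'; e = { $svc } }, Path, Sid, Rights
            } catch {
                Write-Warning "Cannot read ACL for ${target}: $_"
            }
        }
    }
}
```

An empty result means no service binary or its folder grants write-type access outside the trusted set; any row returned is a path whose ACL should be tightened to Administrators-only write.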