|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Symantec LiveState Agent for Windows vulnerabi
From: eugeny gladkih (john
drweb.com)
Date: Tue Dec 05 2006 - 15:24:46 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>>>> "D" == Damjan <damjanwidesec.com> writes:
>> >> we've found local privilege escalation in Symantec LiveState agent.
>> >>
>> >> PoC:
>> >>
>> >> 1. kill shstart.exe process
>>
MS> Wouldn't you have to be administrator to kill shstart.exe?
>>
>> LocalSystem account has more privilegies then administrator's one.
D> I don't think so. I think, SYSTEM account has less or same
D> privileges than Administrator. Or?
SeTCBPrivilege SeCreateTokenPrivilege
--
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]