Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Alert: Microsoft Security Bulletin (MS98-009) - Increased Privs.
- To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- Subject: Re: Alert: Microsoft Security Bulletin (MS98-009) - Increased Privs.
- From: Jason Adam Young <jason_youngNCSU.EDU>
- Date: Wed, 29 Jul 1998 09:48:17 -0400
- Comments: To: securemicrosoft.com
- Comments: cc: NTSECURITYlistserv.ntbugtraq.com
- In-Reply-To: <199807280517.BAA11518cc09ss.unity.ncsu.edu>
- Reply-To: Jason Adam Young <jason_youngNCSU.EDU>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Running this on some of our client systems displays the error message: "You do not have file add permission in Windows directory Unable to reproduce security hole" (thanks for the error message folks) Giving the user group add will make the program work correctly. So, apparently one has to have add access to %SystemRoot% (filemon shows it's mostly system32, with one file in %SystemRoot% called u.ini) for this to work (which violates every security document recommendation that I've seen - most especially Microsoft's own document) Is this correct? Can somebody that knows a lot more about this than I do verify this? This is a problem and security hole, and I think that not having the file system rights may mask the real problem. But apparently having the appropriate filesystem permissions prevents this. Jason ---------------------------------------------- Jason Adam Young, jason_youngncsu.edu NC State University Computing Services > -----Original Message----- > From: Windows NT BugTraq Mailing List > [mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of Russ > Sent: Tuesday, July 28, 1998 1:09 AM > To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM > Subject: Alert: Microsoft Security Bulletin (MS98-009) - Increased > Privs. > > > Microsoft have released a Security Bulletin > <http://www.microsoft.com/security/bulletins/ms98-009.htm> which covers > a potential attack allowing a local console user to increase their > privilege through the DebugActiveProcess privilege, thereby allowing > them to become a local Administrator or perform an action normally > reserved for privileged users. The bulletin includes a link to a fix. > > Recently Microsoft was notified by Mark Joseph Edwards > <http://www.ntshop.net> <http://www.ntsecurity.net> of a Privilege > Elevation vulnerability on Microsoft(r) Windows NT(r). A program called > sechole.exe written by Prasad Dabak, Sandeep Phadke and Milind Borate > (psdabakhotmail.com, sandeepsandeephotmail.com and > milindcyberspace.org) exploits this vulnerability, and was published on > the Internet. > > Mark has more information on the problem, as well as a brief interview > with the discovers and a working copy of the program demonstrating this > serious problem. Visit his Web site where you'll find the page link at > the top of the list in the left window frame. > > Cheers, > Russ >
- Prev by Date: ALERT: security hole in zen 2.5 client for NT 4.0
- Next by Date: Security Hole in Netscape and Microsoft email clients
- Prev by thread: Re: ALERT: security hole in zen 2.5 client for NT 4.0
- Next by thread: Re: Alert: Microsoft Security Bulletin (MS98-009) - Increased Privs.