Bugtraq mailing list archives
Alert: Utility allows any user to become a member of local Admini
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 8 Jul 1997 06:57:11 -0500
---------- Forwarded message ----------
Date: Fri, 4 Jul 1997 19:54:00 -0400
From: Russ <Russ.Cooper () RC ON CA>
To: NTBUGTRAQ () RC ON CA
Subject: Alert: Utility allows any user to become a member of local Administrators group.

Today a utility was posted publicly which allows any user on an NT system to become a member of the Administrators group of that system. Testing is currently underway to determine the extent of the utility's capabilities (e.g. whether it's possible to become a domain Administrator on a PDC or BDC). It is not possible to use the utility to make a domain user a member of the domain administrators group, but it does work on local accounts.

The utility requires no privileges, beyond those any normal user would have, to allow it to do its work.

Microsoft have been notified (via email and Premiere support) and supplied copies of the utility.

Here are David LeBlanc's initial comments:

This utility consists of a DLL and an .exe, which adds a user to the administrator group. The DLL contains the imports LsaOpenPolicy(), and LsaClose(), which leads me to believe that it is opening the LSA object, and has managed to manipulate it in some manner, perhaps by intercepting a system call. This utility only works against a local account, and seems to have no effect vs. a domain account. It also creates a registry key: HKLM\Software\AntiShut, which will give an indication if it has been run. This key is created every time the app has been run, regardless of whether it succeeds. I'm still investigating how it works, what it does, etc.

David LeBlanc
dleblanc () mindspring com

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html
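One way to check hosts for the indicator named in the message above, as an added example that is not part of the original post or of any vendor tooling. Because the key is written on every run whether or not the utility succeeds, the sketch also lists the local Administrators group so the two can be compared. The function name `Test-AntiShutIndicator` and its output property names are hypothetical, and the group is assumed to carry the English name `Administrators`.

```powershell
# Added example: the function name and output properties are hypothetical.
function Test-AntiShutIndicator {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        $keyPresent = $null
        $admins     = @()
        $errorText  = $null
        try {
            # An empty machine name opens the local registry directly;
            # other hosts need the Remote Registry service to be reachable.
            $target = if ($computer -eq $env:COMPUTERNAME) { '' } else { $computer }
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $target)

            # Key named in the alert: HKLM\Software\AntiShut.
            # Its presence shows the utility was run, not that it succeeded.
            $key = $hklm.OpenSubKey('Software\AntiShut')
            $keyPresent = ($null -ne $key)
            if ($key) { $key.Close() }
            $hklm.Close()

            # Enumerate local Administrators through the WinNT ADSI provider.
            # Assumption: the group has the English name "Administrators".
            $group  = [ADSI]"WinNT://$computer/Administrators,group"
            $admins = @($group.psbase.Invoke('Members') | ForEach-Object {
                $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
            })
        } catch {
            # Record the failure so an unreachable host is not read as clean.
            $errorText = $_.Exception.Message
        }
        [pscustomobject]@{
            ComputerName   = $computer
            AntiShutKey    = $keyPresent
            Administrators = $admins
            Error          = $errorText
        }
    }
}

# Check the local machine and print one record per host.
Test-AntiShutIndicator | Format-List
```

A host reporting `AntiShutKey = True` warrants a review of the listed Administrators members against the expected set; a null `AntiShutKey` with an `Error` value means the check did not complete.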