Bugtraq mailing list archives
reporting local security problems for WinNT (Re: Escalation of privileges)
From: Vladimir Dubrovin <vlad () sandy ru>
Date: Tue, 8 Aug 2000 13:42:32 +0400
Hello Chris Foster,

07.08.00 20:07, you wrote: Escalation of privileges;

C> 2. Browse to the root directory for the NAV installation and rename
C> navlu32.exe to navlu32.old. Create navlu32.exe that executes the command:

Another example: AVP users can easily obtain Control Center privileges (Local System by default - these are admin privs) by trojaning "C:\Program Files\AntiViral Toolkit Pro\avpcc.exe" - this program starts as a service. It's also possible to operate in kernel mode via C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS

According to MS recommendations, only the Administrators group should have Write permission for the Program Files and WINNT directories. Otherwise a user can easily trojan any executable, including system services. This problem is not NAV specific, and this is a problem of poor configuration, not a bug.

I think all troubles with WinNT local security must be reported for the configuration described in http://www.microsoft.com/technet/security/c2config.asp because in the default configuration there are a lot of ways to break local security for Windows NT via file and registry permissions.

Vladimir Dubrovin Sandy, ISP
Sandy CCd chief Customers Care dept
http://www.sandy.ru Nizhny Novgorod, Russia
http://www.security.nnov.ru
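
A defender-side check for the configuration problem described in the message above, as an added example that is not part of the original post: it lists service and driver binaries (and their directories) whose ACLs grant write-type access to anyone outside a trusted set. The trusted principal names (English locale) and the function names are assumptions of this example; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit service/driver binaries for write access by non-admins.
# Assumption: only these principals are expected to hold write access.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller'

# Bits that allow changing contents, deleting, or rewriting the ACL/owner.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-BinaryPath([string]$PathName) {
    # PathName is a command line; extract only the executable or driver file.
    $PathName = $PathName -replace '^\\\?\?\\', ''          # strip NT "\??\" prefix
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.(exe|sys))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-WeakAce([string]$Path) {
    # Return Allow ACEs that grant write-type rights to untrusted principals.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }
}

$targets = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)
foreach ($t in $targets) {
    $bin = Get-BinaryPath $t.PathName
    # Paths that cannot be resolved to a file are skipped, not reported.
    if (-not $bin -or -not (Test-Path -LiteralPath $bin -PathType Leaf)) { continue }
    # Check the directory too: write access there allows planting or swapping files.
    foreach ($p in @($bin, (Split-Path -Parent $bin))) {
        foreach ($ace in Get-WeakAce $p) {
            [pscustomobject]@{
                Service  = $t.Name
                RunsAs   = $t.StartName
                Path     = $p
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}
```

Every row in the output is a file or directory that should be restricted to administrators; an empty result means no such ACE was found on the resolvable paths.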