Vulnerability Development mailing list archives
Re: Windows Elevation of privileges
From: "Blake Watts" <bwatts () securityinternals com>
Date: Tue, 12 Mar 2002 17:16:47 -0700
There are many well-known methods of privilege escalation on Windows NT/2000/XP. Several, like buffer overflows, are generic and non-Windows specific. An example of one specific to Windows is a technique I discovered in 2000, known as named pipe instance creation race conditions. Basically, if a privileged process, like the Service Control Manager, attempts to connect to a pipe that an attacker can guess and be the first to create it, then the attacker can impersonate the client (using ImpersonateNamedPipeClient) to elevate his privileges. I intend to release a paper documenting the discovery and alleviation of these sometime within the next few weeks.

Here are some resources for the interim:

http://www.guardent.com/A0108022000.html
http://online.securityfocus.com/archive/1/74523
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-053.asp
http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Another interesting privilege escalation bug was discovered by Todd Sabin:

http://razor.bindview.com/publish/advisories/LPCAdvisory.html

Regards,
Blake Watts
http://www.securityinternals.com

----- Original Message -----
From: "Sebastian Muñiz" <smuniz () elinpar com>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, March 12, 2002 11:35 AM
Subject: Windows Elevation of privileges

Does anyone know where can I find some papers about Elevation of privileges on Windows (NT/2000) or source code of actual exploits of the kind (like sechole) ??

Thanks!!!!

Sebastian Muñiz
Elinpar S.A..- Ingenieria / Serv. Profesionales
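
An added example, not part of the original message or of any code by its author: a detection check for the condition described above, where a privileged client connects to a named pipe whose first instance was created by a less-privileged account. It assumes pipe-creation and pipe-connection telemetry with fields modelled on Sysmon events 17 and 18; every event, pipe name, path and account below is constructed.

```python
# Added example. All events below are constructed; the field names
# (EventID, PipeName, Image, User) are modelled on Sysmon pipe events
# (17 = pipe created, 18 = pipe connected) and are an assumption here.

PRIVILEGED = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE",
              "NT AUTHORITY\\NETWORK SERVICE"}

def find_risky_pipe_connections(events, privileged=PRIVILEGED):
    """Flag privileged clients connecting to a pipe whose first instance
    was created by a non-privileged account. Events must be in time order."""
    priv = {u.upper() for u in privileged}
    first_creator = {}                  # lower-cased pipe name -> creation event
    findings = []
    for ev in events:
        name = ev["PipeName"].lower()   # pipe names are case-insensitive
        if ev["EventID"] == 17:
            first_creator.setdefault(name, ev)   # only the first instance counts
        elif ev["EventID"] == 18:
            owner = first_creator.get(name)
            if owner is None:
                continue                # creation not observed: cannot judge
            if ev["User"].upper() in priv and owner["User"].upper() not in priv:
                findings.append({
                    "pipe": name,
                    "server_user": owner["User"], "server_image": owner["Image"],
                    "client_user": ev["User"], "client_image": ev["Image"],
                })
    return findings

def make_event(event_id, pipe, image, user):
    """Build one constructed telemetry record (hypothetical helper)."""
    return {"EventID": event_id, "PipeName": pipe, "Image": image, "User": user}

SYSTEM = "NT AUTHORITY\\SYSTEM"
SAMPLE_EVENTS = [
    # Unprivileged account creates the pipe first, privileged client connects.
    make_event(17, r"\Example_Ctl_Pipe", r"C:\Users\alice\tool.exe", r"LAB\alice"),
    make_event(18, r"\example_ctl_pipe", r"C:\Windows\System32\services.exe", SYSTEM),
    # Normal direction: privileged server, unprivileged client.
    make_event(17, r"\example_svc_pipe", r"C:\Windows\System32\svchost.exe", SYSTEM),
    make_event(18, r"\example_svc_pipe", r"C:\Users\alice\client.exe", r"LAB\alice"),
    # Connection to a pipe whose creation was never logged.
    make_event(18, r"\unseen_pipe", r"C:\Windows\System32\services.exe", SYSTEM),
]

if __name__ == "__main__":
    for f in find_risky_pipe_connections(SAMPLE_EVENTS):
        print(f"{f['client_user']} connected to {f['pipe']} served by {f['server_user']}")
```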