[33839] in bugtraq
RE: Multiple WinXP kernel vulns can give user mode programs kernel mode
daemon@ATHENA.MIT.EDU (first last)
Thu Feb 19 14:50:42 2004
From: "first last" <randnut@hotmail.com>
To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Thu, 19 Feb 2004 14:32:01 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY12-F60vjkO22ZhCl00005e22@hotmail.com>
>From: "Alun Jones" <alun@texis.com>
>Umm... yes. And?
>
>May I quote from the Windows 2000 Server Resource Kit?
>
>"Debug programs
>"(SeDebugPrivilege)
>"Allows the user to attach a debugger to any process. This privilege
>provides access to sensitive and critical operating system components.
>By default, this privilege is assigned to Administrators."
Where in that quote does it say that NtSystemDebugControl() doesn't check
user pointers, and allows you direct hardware access? This advisory is about
2 pointer bugs in NtSystemDebugControl() and what you can do with the help
of NtSystemDebugControl().
>The user is also capable of injecting code into other processes of any
>kind,
>so could install a device driver whether or not he was an administrator.
Yes, I'm well aware of that. But that's old news.
_________________________________________________________________
Store more e-mails with MSN Hotmail Extra Storage – 4 plans to choose from!
http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/
