Re: Multiple OS kernel insecure handling of stdio file descriptor
SP == Shiva Persaud [EMAIL PROTECTED] writes: XFOCUS team (http://www.xfocus.org/) had discovered Multiple OS kernel insecure handling of stdio file descriptor. === Affected OS Version AIX 5.3 SP The AIX Security Team can be reached at [EMAIL PROTECTED] SP We have investigated this issue and AIX is not affected. A privileged SP process will not inherit closed file descriptors for stdio, stdout and SP stderr. well, but what is used for stdout if it's closed in the parent process just before fork(2) call?! -- Yours sincerely, Eugeny. Doctor Web, Ltd. http://www.drweb.com
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
MS == Michael Scheidell [EMAIL PROTECTED] writes: we've found local privilege escalation in Symantec LiveState agent. PoC: 1. kill shstart.exe process MS Wouldn't you have to be administrator to kill shstart.exe? LocalSystem account has more privilegies then administrator's one. -- Yours sincerely, Eugeny. Doctor Web, Ltd. http://www.drweb.com
Re: Symantec LiveState Agent for Windows vulnerabi
D == Damjan [EMAIL PROTECTED] writes: we've found local privilege escalation in Symantec LiveState agent. PoC: 1. kill shstart.exe process MS Wouldn't you have to be administrator to kill shstart.exe? LocalSystem account has more privilegies then administrator's one. D I don't think so. I think, SYSTEM account has less or same D privileges than Administrator. Or? SeTCBPrivilege SeCreateTokenPrivilege -- Yours sincerely, Eugeny. Doctor Web, Ltd. http://www.drweb.com