Abe Getchell wrote:
When the security option "Shutdown: Allow system to be shutdown without
having to log on" (in the local security policy) is set to "Disable", and
the power management setting "When I press the power button" is set to "Shut
Down", it is possible for an unauthenticated user to p
-----Original Message-----
From: Abe Getchell [mailto:[EMAIL PROTECTED]
Sent: Friday, 18 July 2008 12:39 PM
To: bugtraq@securityfocus.com
Subject: Windows Vista Power Management & Local Security Policy
> When the security option "Shutdown: Allow system to be shutdown without
having to log on" (
People in this discussion have been focusing on the technical aspects
rather than the people aspect.
The current power management system is MUCH more secure because people
do not have to be given an account on the machine for them to shut it
down.
This is helpful when an admin can not get to a ma
PROTECTED]
> Sent: Tuesday, July 22, 2008 11:15 AM
> To: bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> So is this the bottom line?
>
> This is a security mechanism bug that might lead to privilege escalation
> for arbitrary user processes. The OP has left it for others to determine
> exploitability.
>
L PROTECTED]
Sent: Tuesday, July 22, 2008 8:15 AM
To: bugtraq@securityfocus.com
Subject: RE: Windows Vista Power Management & Local Security Policy
So is this the bottom line?
This is a security mechanism bug that might lead to privilege escalation
for arbitrary user processes. The OP has left it for others to determine
exploitability.
om: Jim Harrison [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 20, 2008 4:33 PM
> To: '[EMAIL PROTECTED]'; 'Thor (Hammer of God)'; 'Johan Beisser'
> Cc: bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
getchell.com/
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:[EMAIL PROTECTED]
> Sent: Saturday, July 19, 2008 6:20 PM
> To: [EMAIL PROTECTED]; Jim Harrison; bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
: Saturday, July 19, 2008 6:20 PM
> To: [EMAIL PROTECTED]; Jim Harrison; bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> If Jim is going to get Nancy to run a program, and that's "not all that
> hard," then w
not hard). So what can
> _I_ do with this bug? Not much, I'm not that great of a programmer... but I
> think someone out there could do some nasty stuff.
>
> --
> Abe Getchell
> [EMAIL PROTECTED]
> https://abegetchell.com/
>
>
> > -----Origina
nal Message-
> From: Jim Harrison [mailto:[EMAIL PROTECTED]
> Sent: Saturday, July 19, 2008 1:36 AM
> To: '[EMAIL PROTECTED]'; bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> Abe,
>
> Other than a denial
Abe,
Other than a denial-of-service from the console (is the power switch now a
security vuln, too?), what can you do with this bug? It's absolutely,
unquestionably a "bug"; the user should see behavior as dictated by logic and
described in the documentation, but a "security vulnerability"?
I