|
osdir.com mailing list archive |
|
Subject: Re: Win32 Local Privilege Escalation when Stunnelinstalled as a System service - msg#00025List: network.stunnel.user> Submit a bug report: > http://stunnel.mirt.net/flyspray/ If it's a security issue, I'd suggest contacting Michael directly first so he can get a fix out asap. If you're looking for a disclosure roadmap, I'd suggest using the RFPolicy. -- Brian Hatch "So, do you want to say anything here?" Systems and "I was thinking about it." Security Engineer (10 more minutes of silence) http://www.ifokr.org/bri/ --Eric and Glenn Every message PGP signed
stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users Thread at a glance:
Previous Message by Date: click to view message previewRE: Win32 Local Privilege Escalation when Stunnelinstalled as a System serviceSubmit a bug report: http://stunnel.mirt.net/flyspray/ > -----Original Message----- > From: stunnel-users-bounces@xxxxxxxx > [mailto:stunnel-users-bounces@xxxxxxxx]On Behalf Of Ian > Sent: Wednesday, August 17, 2005 10:12 AM > To: stunnel-users@xxxxxxxx > Subject: [stunnel-users] Win32 Local Privilege Escalation when > Stunnelinstalled as a System service > > > Hi, > > There is a trivial to exploit Local Privilege Escalation when stunnel > is installed as a system service on windows. > > Who should I inform of this so a fix can be made? > > Thanks > > Ian > -- > > _______________________________________________ > stunnel-users mailing list > stunnel-users@xxxxxxxx > http://stunnel.mirt.net/mailman/listinfo/stunnel-users > _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users Next Message by Date: click to view message previewRe: Win32 Local Privilege Escalation when Stunnelinstalled as a System service"Ian" <cobalt-users1@xxxxxxxxxxxxx> wrote: There is a trivial to exploit Local Privilege Escalation when stunnel is installed as a system service on windows. Who should I inform of this so a fix can be made? Me. 8-) I'm aware about this problem. It is easily possible to get localsystem privileges on Windows when stunnel is running as a service. Because: 1. There are thousands of other ways to do it. Windows uses Swiss Cheese Local Security Model. http://en.wikipedia.org/wiki/Swiss_cheese 2. Virtually everyone uses an administrator account, so can gain localsystem privileges easily. The current status of this bug is WONTFIX, but I'm open to persuasion. Best regards, Mike _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users Previous Message by Thread: click to view message previewRE: Win32 Local Privilege Escalation when Stunnelinstalled as a System serviceSubmit a bug report: http://stunnel.mirt.net/flyspray/ > -----Original Message----- > From: stunnel-users-bounces@xxxxxxxx > [mailto:stunnel-users-bounces@xxxxxxxx]On Behalf Of Ian > Sent: Wednesday, August 17, 2005 10:12 AM > To: stunnel-users@xxxxxxxx > Subject: [stunnel-users] Win32 Local Privilege Escalation when > Stunnelinstalled as a System service > > > Hi, > > There is a trivial to exploit Local Privilege Escalation when stunnel > is installed as a system service on windows. > > Who should I inform of this so a fix can be made? > > Thanks > > Ian > -- > > _______________________________________________ > stunnel-users mailing list > stunnel-users@xxxxxxxx > http://stunnel.mirt.net/mailman/listinfo/stunnel-users > _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users Next Message by Thread: click to view message previewRe: Win32 Local Privilege Escalation when Stunnelinstalled as a System service"Ian" <cobalt-users1@xxxxxxxxxxxxx> wrote: There is a trivial to exploit Local Privilege Escalation when stunnel is installed as a system service on windows. Who should I inform of this so a fix can be made? Me. 8-) I'm aware about this problem. It is easily possible to get localsystem privileges on Windows when stunnel is running as a service. Because: 1. There are thousands of other ways to do it. Windows uses Swiss Cheese Local Security Model. http://en.wikipedia.org/wiki/Swiss_cheese 2. Virtually everyone uses an administrator account, so can gain localsystem privileges easily. The current status of this bug is WONTFIX, but I'm open to persuasion. Best regards, Mike _______________________________________________ stunnel-users mailing list stunnel-users@xxxxxxxx http://stunnel.mirt.net/mailman/listinfo/stunnel-users Loading Comments...
|
|
