Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS99-051) (fwd)
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 30 Nov 1999 09:55:14 -0800

At 10:09 PM 11/29/99 -0500, Jim Knoble wrote:

: This vulnerability would primarily affect machines that allow normal users
: to interactively log onto them. The patch eliminates this vulnerability by
: digitally signing all AT jobs at creation time, and verifying the signature
: at execution time.

Is this really a solution to the problem?  It seems to me that the
actual problem is this part

   if a malicious user had change access to an existing file owned by
   an administrator (it would not need to be an AT job), he or she
   could modify it to be a valid AT job and place in the appropriate
   folder for execution[....]

This could happen a lot of different ways.  An admin could have created a
file in the temp directory, and it got left somehow.  Although this
situation isn't ideal, there are lots of scenarios where there will exist
some junk file that isn't being used which admins own, and everyone can
change.  You'll have to do some hunting to find one, as the more important
files won't have change control granted to ordinary users.

Isn't that true for most files to which a malicious user has `change'

Shouldn't be the case very often.

Regardless of that, how does the patch stop malicious users from
producing AT jobs that have valid signatures and putting them in place?

The signature is based on a unique certificate that is stored in the
private data, and only admins can access the certificate.  So your
requirement to use this method (post-fix) to become admin is to be admin.

[snip problems with getting to FAQ, etc. - I don't know why it isn't
working right]

Hope this answers at least some of your questions.

David LeBlanc
dleblanc () mindspring com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]