Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability
From: Tom Ferris <tommy () security-protocols com>
Date: Tue, 13 Dec 2005 13:22:38 -0800 (PST)

Retina can do remote registry, and file version checks with the proper credentials. So more than likely, its doing a registry check for the hotfix.

Tom Ferris
Researcher
www.security-protocols.com
Key fingerprint = 0DFA 6275 BA05 0380 DD91  34AD C909 A338 D1AF 5D78

On Tue, 13 Dec 2005, Dave Korn wrote:

Joshua Russel wrote in
news:7a282fc30512131028g40d65517k2254283bfecec6db () mail gmail com
It is a local vulnerability, then how does Retina claims to scan it
remotely?

 Well, at a guess....

On 12/13/05, Advisories <Advisories () eeye com> wrote:

Systems Affected:
Windows NT 4.0
Windows 2000

Beginning with Windows XP, KeFlushQueueApc contains a code fix that
resolves this vulnerability.

... it just looks to see if the O/S is XP/2K3 or NT/2K.

   cheers,
     DaveK
--
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault