mailing list archives
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Tue, 05 Dec 2006 12:19:40 -0800
On 12/5/06 11:16 AM, "eugeny gladkih" <john () drweb com> spoketh to all:
"MS" == Michael Scheidell <scheidell () secnap net> writes:
we've found local privilege escalation in Symantec LiveState agent.
1. kill shstart.exe process
MS> Wouldn't you have to be administrator to kill shstart.exe?
LocalSystem account has more privilegies then administrator's one.
The local administrator can do whatever he wants, including just setting the
startup context of a service to run as LocalSystem. Any "privileged
escalation" that requires you to already be an administrator is not an issue
at all, period. For the one-millionth-and-second time, any "issue" that
begins with "if you are a local administrator, then you can..." is a
non-issue and a waste of everyone's time.
That is the skinny on that.