Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Tue, 05 Dec 2006 12:19:40 -0800


On 12/5/06 11:16 AM, "eugeny gladkih" <john () drweb com> spoketh to all:

"MS" == Michael Scheidell <scheidell () secnap net> writes:

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process

 MS> Wouldn't you have to be administrator to kill shstart.exe?

LocalSystem account has more privilegies then administrator's one.


The local administrator can do whatever he wants, including just setting the
startup context of a service to run as LocalSystem.  Any "privileged
escalation" that requires you to already be an administrator is not an issue
at all, period. For the one-millionth-and-second time, any "issue" that
begins with "if you are a local administrator, then you can..."  is a
non-issue and a waste of everyone's time.

That is the skinny on that.

t



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]