|
Full Disclosure
mailing list archives
RE: Terminal Server vulnerabilities
From: "Stuart Fox \(DSL AK\)" <StuartF () datacom co nz>
Date: Fri, 28 Jan 2005 09:27:39 +1300
But I would point out something much more important : there are many
more local exploits than remote (on Windows just like any other OS).
Local exploits : about 1-2 a month
* POSIX - OS/2 subsystem exploitation
* Debugging subsystem exploitation (DebPloit)
* 16-bit subsystem exploitation (NTVDM)
* Shatter Attacks
* Etc.
Remote exploits : about once a year
* RPC/DCOM (blaster)
* LSASS (sasser)
Basically, if you are logged in as an unpriviledged user on a Terminal
Server, you can easily become SYSTEM. If this Terminal Server is also a
Domain Controller, game over.
You forgot one important factor - the use of IE and Outlook for the fast
direct-to-customer delivery of local exploits. Which *also* results in
a Game Over....
Assuming that the IE/Outlook bugs are privilege escalation bugs. There seem to be relatively few of those - all of the
recent ones have given you credentials of the local user, not localsystem (or even admin).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- RE: Re: Terminal Server vulnerabilities, (continued)
|
Intro
