Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Question for the Windows pros
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 19 Jan 2006 14:56:57 -0000


Paul Schmehl wrote in news:5E610DD0DFACB633154F31E7 () utd59514 utdallas edu

This is incorrect.  The privilege exists *and* functions on the
Workstation operating systems Win2000 SP4 *and* WinXP.  I have verified
this through testing.

  Yes, there's nothing new about impersonation, it's been there all the way 
back to NT.

I've already been there and read the page - several times.  I understand
*in general* what an impersonation privilege is.  I need to know
*specifically* what "server's clients" can be impersonated when this
privilege is applied to an account.  So far, I've found nothing on the web
that even attempts to address that issue.

Unfortunately, it has not.  Again, I understand *in general* what
impersonation is, how it works and what it can mean in terms of security.

I am looking *specifically* for what a user who has the privilege
Impersonate a client after authentication has the right to do.  Does it
mean that *anything* that user runs runs under his/her privileges?  Does
it mean only *local* processes are affected?  Does it mean a hacker can
access the machine remotely and run under the user's privileges?

IOW, if I have a domain account name "Joe", and I grant "Joe" this
privilege, what is placed at risk?  The local machine he's logged in to?
The entire domain?  Only certain services?  Saying it's a high risk (like
ISS does) and then not defining *precisely* what the risks are is not
helpful.

And all I was really asking for is pointers to any white papers or
conference presentations that even attempt to illuminate this issue.

It's looking like there are none.

  The info is out there, but it's scattered across a combination of MSDN, 
WDJ, OSR and similar sources.

  I started writing a full explanation yesterday when you posted this.  I'll 
try and finish it off when I get home from work this evening.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault