BugTraq
Re: Symantec LiveState Agent for Windows vulnerabi Dec 05 2006 08:09PM
Damjan (damjan widesec com) (1 replies)
Re: Symantec LiveState Agent for Windows vulnerabi Dec 05 2006 09:24PM
eugeny gladkih (john drweb com)
>>>>> "D" == Damjan <damjan (at) widesec (dot) com [email concealed]> writes:

>> >> we've found local privilege escalation in Symantec LiveState agent.
>> >>
>> >> PoC:
>> >>
>> >> 1. kill shstart.exe process
>>
MS> Wouldn't you have to be administrator to kill shstart.exe?
>>
>> LocalSystem account has more privilegies then administrator's one.

D> I don't think so. I think, SYSTEM account has less or same
D> privileges than Administrator. Or?

SeTCBPrivilege SeCreateTokenPrivilege

--
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus