exploit the possibilities

iss.97-10-21.scheduler_winlogin_keys

iss.97-10-21.scheduler_winlogin_keys
Posted Oct 23, 1997

iss.97-10-21.scheduler_winlogin_keys

MD5 | 24b7fd453e9fa2d26d4bacf80e898758

iss.97-10-21.scheduler_winlogin_keys

Change Mirror Download

From xforce@ISS.NET Thu Oct 23 11:41:17 1997
Date: Wed, 22 Oct 1997 17:22:31 -0400
From: X-Force <xforce@ISS.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: ISS Security Alert

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Alert
October 21, 1997
Scheduler/Winlogin Keys have Incorrect Permissions

This advisory describes two similar configuration problems in the Windows
NT Registry key permissions. These vulnerabilities can allow users with
Server Operator privilege to increase their access level to Administrator.

Problem 1: Scheduler Key Has Incorrect Permissions

Affects: Windows NT

Description:
The HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule key
controls the schedule service. Server Operators have permission to write
to this registry tree, which would allow them to manually schedule jobs
to be run by the schedule service, which normally executes under the
system user context. This can be used to raise the Server Operator's
access level to Administrator.

Risk: Medium

Solution:
Local Machine (GUI): From the Start menu, choose 'Run.' Type 'regedt32'
and click 'OK.' This opens the Registry Editor. Through the Security
menu, remove write access to the Schedule key for Server Operators.


Problem 2: Winlogon Key Has Incorrect Permissions

Affects: Windows NT

Description:
The HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
key has two values which can be used to cause a process to execute upon
either system bootup, or when a user logs on. The programs pointed to by
the System value run under the system user context after boot, and could
be used to change a user's rights or access level. The UserInit value
runs applications when a user logs in. The default settings for this key
allow Server Operators to write these values, either of which could be
used to raise a System Operator's access level to Administrator.

Risk: Medium

Solution:
Local Machine (GUI): From the Start menu, choose 'Run.' Type 'regedt32'
and click 'OK.' This opens the Registry Editor. Through the Security
menu, remove write access to the Winlogon key for Server Operators.

=========================================================================
Caution: Care must be taken when using the Registry Editor. If incorrect
values are entered, the system may become inoperable. Should a mistake be
made when editing the registry values, the registry state can be restored
to the state at the last time the system booted up. For more information,
see the Windows NT Help under the "Registry" section.
=========================================================================

Acknowledgments:
This problem was identified by David LeBlanc of ISS (dleblanc@iss.net).

References:
http://support.microsoft.com/support/kb/articles/q126/7/13.asp
http://www.infoworld.com/cgi-bin/displayStory.pl?971014.wntsecurity.htm


X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

To receive these Alert Summaries, subscribe to the ISS Alert mailing list
by sending an email to majordomo@iss.net and within the body of the
message type: 'subscribe alert'.

Internet Security Systems, Inc., (ISS) is the pioneer and world's leading
supplier of network security assessment and monitoring tools, providing
comprehensive software that enables organizations to proactively manage
and minimize their network security risks. For more information, contact
the company at (800) 776-2362 or (770) 395-0150 or visit the ISS Web site
at http://www.iss.net.

- --------
Copyright (c) 1997 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert Summary
electronically. It is not to be edited in any way without express consent
of X-Force. If you wish to reprint the whole or any part of this
Alert Summary in any other medium excluding electronic medium, please
email xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html

Please send suggestions, updates, and comments to:
X Force <xforce@iss.net> of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNE5uEjRfJiV99eG9AQEKTQP8D+ZW5qQX6Sl1YoGO/pLoTwZwLhLswgGI
DLvVGenkYmljP4VkEozjxePVVtnlKQadLm54iYzESpf9I3siJeuC0ZiUXKFUYz8U
85EH7LCqeNONa6bD0700RVIe/NFoLN7OkXnkvr5TooX4Kqkx+RyJu8fTu46mXSke
7iDg3DnrHkg=
=np7I
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close