Inside GetAdmin

Mark Joseph Edwards (mark@ntshop.net)
Tue, 08 Jul 1997 10:27:54 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: SGI Security Coordinator: "SGI Security Advisory 19970502-02-PX - xlock Vulnerability"
Previous message: Warner Losh: "Re: Buffer overflow in "lpr""

The nature of the getadmin bug is in the following API calls:
ChangeNtGlobalFlag(GetNtGlobalFlagPtr());

The above code creates the exploit. The GetNtGlobalFlagPtr() can be
replaced with a fix pointer, eliminating the need for READ access to the
ntoskrnl.exe, making it much tougher to defend against, while at the same
time, making it far less portable across NT systems.

Mark

Next message: SGI Security Coordinator: "SGI Security Advisory 19970502-02-PX - xlock Vulnerability"
Previous message: Warner Losh: "Re: Buffer overflow in "lpr""