SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Kernel Bug Lets Local Users Gain LocalSystem Privileges
SecurityTracker Alert ID:  1019904
SecurityTracker URL:  http://securitytracker.com/id/1019904
CVE Reference:   CVE-2008-1436   (Links to External Site)
Updated:  Apr 14 2009
Original Entry Date:  Apr 18 2008
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP1, 2008; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A local user can obtain system privileges on the target system.

A local user can run code in context of the NetworkService or LocalService accounts to gain access to resources in processes that are also running as NetworkService or LocalService and potentially cause those processes to execute arbitrary code with LocalSystem privileges.

Any process that runs with SeImpersonatePrivilege and runs user-supplied code may be subject to exploit.

A presentation on the exploit technique from Cesar Cerrudo of Argeniss is available at:

http://www.argeniss.com/research/TokenKidnapping.pdf

Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

Demonstration exploit code is available at:

http://www.argeniss.com/research/Churrasco.zip

On March 13, 2009, the SANS Internet Storm Center reported that this vulnerability is being actively exploited as part of a blended attack in conjunction with various unrelated remote application vulnerabilities:

http://isc.sans.org/diary.html?date=2009-03-13

Impact:   A local user can obtain LocalSystem privileges on the target system.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx

The original Microsoft advisory is available at:

http://www.microsoft.com/technet/security/advisory/951306.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-012.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Fri, 18 Apr 2008 00:06:12 -0400
Subject:  Microsoft Windows


http://www.microsoft.com/technet/security/advisory/951306.mspx

CVE-2008-1436
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC