Re: Microsoft VISTA TCP/IP stack buffer overflow

To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Microsoft VISTA TCP/IP stack buffer overflow
From: Edi Strosar <edi.strosar@xxxxxxxxx>
Date: Tue, 25 Nov 2008 23:08:54 +0100
In-reply-to: <20081125202424.24990.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20081125202424.24990.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.18 (Windows/20081105)

Administrator lives in Ring 3 while this crash happens in Ring 0.Nobody, not even Admin shouldn't be able to corrupt kernel space. It'snot a security issue per se - it's just a bug.



dale@xxxxxxxxxxx wrote:

So, let me try and understand this.

According to what you have written, and the MSDN documentation on this 
CreateIpForwardEntry2 call, you need to be (at least) a member of the 
Administrators group.

So how is this "security vulnerability" any different to me creating a program, 
which will require the same Administrative rights, to say, wipe the boot configuration 
file?

References:
- Re: Microsoft VISTA TCP/IP stack buffer overflow
  - From: dale

Prev by Date: RSA EnVision Remote Password Disclosure
Next by Date: WordPress XSS vulnerability in RSS Feed Generator
Previous by thread: Re: Microsoft VISTA TCP/IP stack buffer overflow
Next by thread: PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager
Index(es):
- Date
- Thread