[stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service

• Previous message (by thread): [stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service
• Next message (by thread): [stunnel-users] Stunnel HTTPS Client Issue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Ian" <cobalt-users1 at fishnet.co.uk> wrote:

> There is a trivial to exploit Local Privilege Escalation when stunnel
> is installed as a system service on windows.
>
> Who should I inform of this so a fix can be made?

Me.  8-)

I'm aware about this problem.  It is easily possible to get localsystem 
privileges on Windows when stunnel is running as a service.

Because:
1. There are thousands of other ways to do it.  Windows uses Swiss Cheese 
Local Security Model.
http://en.wikipedia.org/wiki/Swiss_cheese
2. Virtually everyone uses an administrator account, so can gain localsystem 
privileges easily.
The current status of this bug is WONTFIX, but I'm open to persuasion.

Best regards,
    Mike 

• Previous message (by thread): [stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service
• Next message (by thread): [stunnel-users] Stunnel HTTPS Client Issue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]