[stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service
Michal.Trojnara at mobi-com.net
Thu Aug 18 09:37:09 CEST 2005
"Ian" <cobalt-users1 at fishnet.co.uk> wrote:
> There is a trivial to exploit Local Privilege Escalation when stunnel
> is installed as a system service on windows.
> Who should I inform of this so a fix can be made?
I'm aware about this problem. It is easily possible to get localsystem
privileges on Windows when stunnel is running as a service.
1. There are thousands of other ways to do it. Windows uses Swiss Cheese
Local Security Model.
2. Virtually everyone uses an administrator account, so can gain localsystem
The current status of this bug is WONTFIX, but I'm open to persuasion.
More information about the stunnel-users