Re: Microsoft Security Bulletin (MS99-051) (fwd)

From: Kris Kennaway (krisat_private)
Date: Wed Dec 01 1999 - 20:17:44 PST

Next message: S, Jared: "Insecure default permissions for MailMan Professional Edition,"

Previous message: Keith Piepho: "Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise"
Next in thread: David LeBlanc: "Re: Microsoft Security Bulletin (MS99-051) (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 30 Nov 1999, David LeBlanc wrote:

> >Regardless of that, how does the patch stop malicious users from
> >producing AT jobs that have valid signatures and putting them in place?
>
> The signature is based on a unique certificate that is stored in the
> private data, and only admins can access the certificate.  So your
> requirement to use this method (post-fix) to become admin is to be admin.

Replay attack? I read the patch description as saying that it stores a
signature in the file containing the AT job, which is verified at
execution time. If you can read the job file as another user, you may be
able to resubmit the same job multiple times, if the signature doesn't
include data which is instance-specific (e.g. the job ID).

Kris

Next message: S, Jared: "Insecure default permissions for MailMan Professional Edition,"
Previous message: Keith Piepho: "Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise"
Next in thread: David LeBlanc: "Re: Microsoft Security Bulletin (MS99-051) (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:24 PDT