Re: [stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service

18 Aug 2005


      "Ian" cobalt-users1@fishnet.co.uk wrote:
...
There is a trivial to exploit Local Privilege Escalation when stunnel
is installed as a system service on windows.
Who should I inform of this so a fix can be made?
Me.  8-)
I'm aware about this problem.  It is easily possible to get localsystem 
privileges on Windows when stunnel is running as a service.
Because:
1. There are thousands of other ways to do it.  Windows uses Swiss Cheese 
Local Security Model.
http://en.wikipedia.org/wiki/Swiss_cheese
2. Virtually everyone uses an administrator account, so can gain localsystem 
privileges easily.
The current status of this bug is WONTFIX, but I'm open to persuasion.
Best regards,
    Mike

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [stunnel-users] Win32 Local Privilege Escalation when Stunnelinstalled as a System service