17 Aug
2005
17 Aug
'05
11:37 p.m.
"Ian" <cobalt-users1@fishnet.co.uk> wrote:
There is a trivial to exploit Local Privilege Escalation when stunnel is installed as a system service on windows.
Who should I inform of this so a fix can be made?
Me. 8-) I'm aware about this problem. It is easily possible to get localsystem privileges on Windows when stunnel is running as a service. Because: 1. There are thousands of other ways to do it. Windows uses Swiss Cheese Local Security Model. http://en.wikipedia.org/wiki/Swiss_cheese 2. Virtually everyone uses an administrator account, so can gain localsystem privileges easily. The current status of this bug is WONTFIX, but I'm open to persuasion. Best regards, Mike