Win32 API utterly and irreprarable broken
David Uhlman
plug-discuss@lists.plug.phoenix.az.us
Wed, 7 Aug 2002 18:20:32 -0700
Though I am loathe to "defend" Microsoft if you read the bug track info
http://online.securityfocus.com/archive/1/286228/2002-08-03/2002-08-09/1 you
can see that this is more complex than just a typical MS bug/error and plays
off the problem of supporting 10 years of legacy api code and insufficient
vendor understanding of the damages possible via message queuing.
It is not so much of a bug because a patch can't be applied to this, it is
more of a "known issue" that vendors must be made aware of to avoid building
programs that can be taken advantage of by this. A very limited parallel
might be a Linux vendor building a program that runs inappropriate code as
root so that privilege escalation is possible.
Sincerely,
David Uhlman
CTO 50km Inc.
office(877-571-7679)
mobile(602-770-9551)
fax(509-752-3882)
email(duhlman@50km.com)
----- Original Message -----
From: "George Toft" <george@georgetoft.com>
To: "PLUG Discuss" <plug-discuss@lists.plug.phoenix.az.us>
Sent: Wednesday, August 07, 2002 4:27 PM
Subject: Win32 API utterly and irreprarable broken
> Something from another LUG:
>
> This Windows hole might have NO fix!
>
> http://www.theregister.co.uk/content/4/26561.html
>
> George
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>