[Full-disclosure] Re: Question for the Windows pros

Paul Schmehl wrote in news:5E610DD0DFACB633154F31E7@xxxxxxxxxxxxxxxxxxxxx

> This is incorrect. The privilege exists *and* functions on the
> Workstation operating systems Win2000 SP4 *and* WinXP. I have verified
> this through testing.

Yes, there's nothing new about impersonation; it's been there all the way
back to NT.

> I've already been there and read the page - several times. I understand
> *in general* what an impersonation privilege is. I need to know
> *specifically* what "server's clients" can be impersonated when this
> privilege is applied to an account. So far, I've found nothing on the web
> that even attempts to address that issue.

> Unfortunately, it has not. Again, I understand *in general* what
> impersonation is, how it works and what it can mean in terms of security.
>
> I am looking *specifically* for what a user who has the privilege
> Impersonate a client after authentication has the right to do. Does it
> mean that *anything* that user runs runs under his/her privileges? Does
> it mean only *local* processes are affected? Does it mean a hacker can
> access the machine remotely and run under the user's privileges?
>
> IOW, if I have a domain account name "Joe", and I grant "Joe" this
> privilege, what is placed at risk? The local machine he's logged in to?
> The entire domain? Only certain services? Saying it's a high risk (like
> ISS does) and then not defining *precisely* what the risks are is not
> helpful.

> And all I was really asking for is pointers to any white papers or
> conference presentations that even attempt to illuminate this issue.
>
> It's looking like there are none.

The info is out there, but it's scattered across a combination of MSDN,
WDJ, OSR and similar sources.

I started writing a full explanation yesterday when you posted this. I'll
try and finish it off when I get home from work this evening.

cheers,
DaveK
--
Can't think of a witty .sigline today....


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
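Editor's note, added to this archived thread and not part of either poster's
message: the privilege under discussion is SeImpersonatePrivilege ("Impersonate
a client after authentication"), a user right assigned per machine in the local
security policy (or pushed to machines by Group Policy). Before granting it to an
account such as "Joe", it is worth seeing who already holds it on the box and
whether your own session token carries it. The script below does both; it is
example code, not something from the thread. It assumes an elevated PowerShell
session (secedit /export needs administrative rights), and the temporary file
name under $env:TEMP is an arbitrary choice.

```powershell
# Added example, not from the original thread. Lists the holders of
# SeImpersonatePrivilege in the local security policy and reports whether
# the current token has the privilege. Assumes an elevated session.

$tmp = Join-Path $env:TEMP 'secpol-export.inf'   # arbitrary scratch path

# secedit writes the effective local policy, including the
# [Privilege Rights] section, to an INF file.
secedit /export /cfg $tmp /quiet | Out-Null

# The relevant line looks like:
#   SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20
$line = Get-Content $tmp | Where-Object { $_ -match '^SeImpersonatePrivilege\s*=' }
Remove-Item $tmp -ErrorAction SilentlyContinue

if (-not $line) {
    'SeImpersonatePrivilege is not assigned in the local policy on this machine.'
} else {
    'Accounts holding SeImpersonatePrivilege on this machine:'
    $holders = ($line -split '=', 2)[1].Trim() -split ','
    foreach ($h in $holders) {
        $h = $h.Trim()
        if ($h.StartsWith('*')) {
            # Entries are SIDs prefixed with '*'; resolve each to an account name.
            $sidText = $h.Substring(1)
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved SID>' }
            '  {0,-24} {1}' -f $sidText, $name
        } else {
            '  {0}' -f $h   # already written as an account name
        }
    }
}

# Does the token of this very session carry the privilege?
# whoami /priv prints one row per privilege with its enabled/disabled state.
$priv = whoami /priv | Select-String 'SeImpersonatePrivilege'
if ($priv) { 'Current token: ' + $priv.Line.Trim() }
else       { 'Current token: SeImpersonatePrivilege not present' }
```

Two points a practitioner would want alongside the output. First, the right is
per machine: granting it to a domain account through the local policy of one
workstation affects processes that account runs on that workstation, not the
domain as a whole, although a Group Policy object can of course assign the same
right on every machine it applies to. Second, what the right actually gates is a
process's ability to impersonate the security context of clients that
authenticate to it (for instance over a named pipe or RPC), which is why any
process the holder runs is in scope, not just a particular service. On current
Windows versions it is held by default by Administrators, SERVICE, LOCAL SERVICE
and NETWORK SERVICE, which are the four SIDs shown in the comment above.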