OT: Exchange (Was Re: OpenVMS - When downtime is not an option)
- From: "Tom Linden" <tom-remove@xxxxxxxxxx>
- Date: Wed, 04 Jul 2007 06:30:40 -0700
On Wed, 04 Jul 2007 05:30:16 -0700, <david20@xxxxxxxxxxxxxxxx> wrote:
In article <h8SdnWZlQ7mWVRfbnZ2dnUVZ_vmqnZ2d@xxxxxxxxxxxxxxxxxxxxxxxx>, Bill Todd <billtodd@xxxxxxxxxxxxx> writes:Main, Kerry wrote:
....
If the design and/or architecture of the OS platform allows an
application bug to provide access to protected data and/or provides
elevated rights on the system, does sit matter if it is an application
or kernel OS issue?
Clearly, that would be an OS bug (or at least a serious design flaw, if
indeed it were intentional rather than inadvertent) - *if* it had been
the case in this instance.
It was not: the bugs *only* affected Exchange Server. If Exchange
Server was designed such that it had to execute in a privileged
environment (such that once compromised itself it could compromise other
parts of the system as you describe above), rather than designed
modularly such that at most a few critical parts of it might require
privilege (certainly not including the parsing functions that these bugs
affected) and the rest could run unprivileged, that was an *Exchange
Server* design flaw, not a Windows flaw.
What is this "IF" ?
From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
"An attacker who successfully exploited this vulnerability could take
complete control of the affected system. An attacker could then install
programs; view, change or delete data; or create new accounts with full user
rights"
Obviously this means that the codepath executed by the bug must run at a high
privilege level. Whether that is because Exchange is running with higher
privileges than it really needs because of bad design and implementation or
whether it is doing something which requires it to have high privileges at that
point in time is not something easily judged without access to the design
documents and/or source of Exchange.
If as you seem to believe it is bad design and implementation in Exchange
causing it to run at higher privileges than needed then it is down to those
designing and programming Exchange at Microsoft. However Exchange is a
Microsoft product and those same designers and programmers have probably also
worked on the OS code during their careers and have had their code reviewed
by the same quality control people.
Also similar bugs affect lots of Microsoft products which also result in
an attacker gaining complete control of the system. Hence similar comments
apply to all those involved with the design and programming of those products.
Hence either we have all these Microsoft designers and programmers making
similar mistakes (ie unnecessarily running their code with elevated privileges
when parsing input data) for all these Microsoft Apllications but not making
any mistakes in the OS or we have major problems in the OS which the
application programmers have trouble avoiding when writing their code.
As an aside, which I find disturbing, 3 of the 4 banks where I keep accounts use
Exchange for the front-ends, and this is for online banking! Fortunately they
are local so I can drive to them.
David Webb
Security team leader
CCSS
Middlesex University
- bill
--
PL/I for OpenVMS
www.kednos.com
.
- References:
- RE: OpenVMS - When downtime is not an option
- From: Main, Kerry
- Re: OpenVMS - When downtime is not an option
- From: Bill Todd
- Re: OpenVMS - When downtime is not an option
- From: david20
- RE: OpenVMS - When downtime is not an option
- Prev by Date: Re: Enhancement request - SHOW USER
- Next by Date: Dissimillar Drives (Was Re: expanding shadow size)
- Previous by thread: Re: OpenVMS - When downtime is not an option
- Next by thread: Re: OT: Exchange (Was Re: OpenVMS - When downtime is not an option)
- Index(es):
Relevant Pages
|
Loading
