PID hackable from an open port?

Hi there,

I recently got into a discussion with a friend on the insecurities of Win2k. He told me that if you have an open port and know the PID of a service, you can essentially take over that process. I had always been under the assumption that a port is tied to a service so only that service could be hacked, but nothing else. I know that MS has it's security problems but that seemed a bit too easy. If you think about it, it's not very difficult to find an open port on a server and the system process is always 8. With that knowledge no Win2k server would be secure. Please help? Thanks.

I am fairly sure no such "master" Win2k vulnerability exists. Only vulnerable services can be compromised. If you dont want this problem at all get a real operating system, OpenBSD.

I think your friend is referring to a design flaw in windows that was heavily discussed a few months ago. The way I understood the discussion is that the way message passing is done in windows it could allow an unpriveledged user privelaged access by monkeying with the message passing interface. In other words, it is to my knowledge, a privelage escalation attack, not necessarily a remote attack.

Found part of the discussion here:

http://online.securityfocus.com/arch...4/2002-07-10/0 (one of the dicussions floating around)

http://www.isg.rhul.ac.uk/~simos/event_demo/ (the 'white paper' or 'demo' of the proof of concept).

/Nebulus

Interesting links, but I'm not sure if thats what he was talking about. I'm sure he was talking about a remote attack.