[krbdev.mit.edu #2563] issues found with Microsoft's Application Verifier

Brant Gurganus via RT rt-comment at krbdev.mit.edu
Mon May 17 11:57:49 EDT 2004 

These issues were found with Microsoft's Application Verifier (free):

krbcc32.dll supplied a possibly-untrustworthy owner for an object.
(krbcc32.dll:00001949) Object created/set by CreateFileMapping: 
krbcc.1144838.auth is owned by GURGANBL-1\gurganbl
The application assigned an object (file, registry key, etc.) security 
descriptor specified an owner who may or may not be fully trusted.  Any 
object's owner is automatically granted the ability to change the 
security permissions on that object (WRITE_DAC).  The owner (listed in 
the message) should be reviewed to determine if this is safe.  If this 
object is only to be accessed by the owner, then this message can be 
ignored.  This message means that security problems MAY exist with the 
object in question.

krb5_32.dll uses an obsolete API
(krb5_32.dll:0000D12C) API: GetPrivateProfileStringA [4x]
The application called an obsolete API. Applications should not call 
obsolete APIs. Find and use current APIs instead.

When spoofed to look like a future version of Windows, leash32.exe has 
an Application Error.
The application failed to initialize properly (0xc0000005). Click on OK 
to terminate the application.
The message appears twice.  The spoofed Windows version is:
7.2.4500.

leashw32.dll accessed an object whose owner may by untrustworthy.
(leashw32.dll:00005A4B) Object accessed by OpenProcess: 1552 is owned by 
GURGANBL-1\gurganbl
The application opened an object (file, registry key, etc.) whose 
security descriptor specified an owner who may or may not be fully 
trusted.  Any object's owner is automatically granted the ability to 
change the security permissions on that object (WRITE_DAC).  The owner 
(listed in the message) should be reviewed to determine if this is 
safe.  If this object is only to be accessed by the owner, then this 
message can be ignored. The object may have been created by another 
application-- this message means that the infrastructure on which this 
application is built MAY have security issues.  The entity responsible 
for setting the security of the object should be identified and informed 
of the potential problem.

More information about the krb5-bugs mailing list