[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Local Privilege Escalation Vulnerabilities in Lotus Notes Client

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Local Privilege Escalation Vulnerabilities in Lotus Notes Client
From: kochetkov.vladimir@xxxxxxxxx
Date: 22 Aug 2007 10:25:28 -0000

Local Privilege Escalation Through Default ntmulti.exe File Permissions

Unprivileged users can execute arbitrary programs that run with the privileges 
of the LocalSystem account by replacing the Multi-user Cleanup Service 
executable with arbitrary executables. This vulnerability exists because the 
default file permissions assigned during installation to ntmulti.exe (the 
executable for the Multi-user Cleanup Service) allow unprivileged, interactive
users to replace ntmulti.exe with any file.

Because the Multi-user Cleanup Service is a Windows service running with 
LocalSystem privileges, unprivileged users can easily elevate their privileges.

Follow-Ups:
- Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client
  - From: 3APA3A

Prev by Date: [ MDKSA-2007:169 ] - Updated gdm packages fix DoS vulnerability
Next by Date: Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)
Previous by thread: [ MDKSA-2007:169 ] - Updated gdm packages fix DoS vulnerability
Next by thread: Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client
Index(es):
- Date
- Thread