[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Privilege escalation flaw in the AClient Service for Windows (Version 5.6.181).

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Privilege escalation flaw in the AClient Service for Windows (Version 5.6.181).
From: Reed Arvin <reedarvin@xxxxxxxxx>
Date: Mon, 29 Nov 2004 08:49:12 -0700

Summary:
A privilege escalation flaw exists in the AClient Service for Windows
(Version 5.6.181) (http://www.altiris.com/).

Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the AClient Service for Windows tray
icon.

Vulnerable Versions:
Altiris Deployment Solution 5.6 SP1 (Hotfix E)

Solutions:
The vendor was notified of the issue. There was no technical response.
The vendor will not give support without a support contract.

Exploit:
1. Right click on the Altiris Client Service icon in the Taskbar and
choose View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to %WINDIR%\System32\
5. Right click on cmd.exe and choose Open
6. A new command shell with launch with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Is www.sco.com hacked?
Next by Date: [Full-Disclosure] Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions.
Previous by thread: [Full-Disclosure] [SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution
Next by thread: [Full-Disclosure] Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions.
Index(es):
- Date
- Thread