[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Panda Security Multiple Business Products - Privilege Escalation

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>, "advisories@xxxxxxxxxxxxxxxxxxxxxxx" <advisories@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [FD] Panda Security Multiple Business Products - Privilege Escalation
From: Kyriakos Economou <keconomou@xxxxxxxxxxxxx>
Date: Wed, 6 Apr 2016 09:52:16 +0000

* CVE: CVE-2016-3943
* Vendor: Panda Security
* Reported by: Kyriakos Economou
* Date of Release: 05/04/2016
* Affected Products: Multiple
* Affected Version: Panda Endpoint Administration Agent < v7.50.00
* Fixed Version: Panda Endpoint Administration Agent v7.50.00


Description:
Panda Endpoint Administration Agent v7.30.2 allows a local attacker to elevate 
his privileges from any account type (Guest included) and execute code as 
SYSTEM, thus completely compromising the affected host.


Affected Products:

Any Panda Security For Business products for Windows using this Agent service 
are vulnerable.


Technical Details:

Upon installing some Panda Security for Business products for Windows, such as 
Panda Endpoint Protection/Plus, a service named as 'Panda Endpoint 
Administration Agent' is installed in the host. This service runs  under the 
SYSTEM account. However, due to weak ACLs set to the installation directory 
("C:\Program Files\Panda Security\WaAgent") of this application and its 
subdirectories, any user can modify or overwrite any executable module (dynamic 
link libraries and executables) installed in those directories.


Impact:

A local attacker can elevate his privileges from any user account and execute 
code as SYSTEM.


Disclosure Log:
Vendor Contacted: 12/01/2016
Public Disclosure: 05/04/2016

Copyright:
Copyright (c) Nettitude Limited 2016, All rights reserved worldwide.

Disclaimer:
The information herein contained may change without notice. Any use of this 
information is at the user's risk and discretion and is provided with no 
warranties. Nettitude and the author cannot be held liable for any impact 
resulting from the use of this information.

Kyriakos Economou
Vulnerability Researcher

[logo]<http://www.nettitude.co.uk/>

P  +44 (0) 845 520 0085 ext 1189
F  +448455 200 222
keconomou@xxxxxxxxxxxxx<mailto:keconomou@xxxxxxxxxxxxx%0d>
www.nettitude.co.uk<http://www.nettitude.co.uk/>


Nettitude NEWS
#Nettitude awarded MSSP of the Year by LogRhythm
#Nettitude features on NBC<http://www.nettitude.com/nbc-interview/>
[Nettitude Awards]<http://www.nettitude.com/>
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . .
Nettitude Limited: 1 Jephson Court * Tancred Close * Leamington Spa * 
Warwickshire * CV31 3RZ
Nettitude Inc: 85 Broad Street * 17th Floor * New York * NY10004 * EIN 
No.36-4694227
Twitter<https://twitter.com/Nettitude_com> * 
LinkedIn<http://uk.linkedin.com/company/nettitude-group> * Google 
Plus<https://plus.google.com/+Nettitude-penetrationtesting/posts> * 
FaceBook<https://www.facebook.com/Nettitude> * 
YouTube<http://www.youtube.com/channel/UCRUUESU5OTfRte0P-pm2MZQ> * 
Threat2Alert<http://www.threat2alert.com/>
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . .
LOVE REFERRALS - please pass our contact details on 
solutions@xxxxxxxxxxxxx<mailto:solutions@xxxxxxxxxxxxx>. Thank you!

______________________________________________________________________
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager.

Nettitude employ a secure email policy for sending emails to customers. Should 
your email service support ESMTP, you will likely have received this email over 
TLS. We also utilise a backup secure service via Cisco Registered Envelope 
Service. For more information visit https://res.cisco.com/websafe/about

This footnote also confirms that this email message has been swept by a content 
checking tool for the presence of computer viruses.

Nettitude Limited is a Company registered in England
Registered Address
Nettitude Limited, 1 Jephson Court, Tancred Close, Leamington Spa, 
Warwickshire, CV31 3RZ
Company Registration Number: 4705154
VAT Number: 184 5171 96
www.nettitude.com
______________________________________________________________________

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] hardwear.io CFP 2016 - Hardware Security Conference Call for Papers
Next by Date: [FD] Panda Security 2016 Home User Products - Privilege Escalation
Previous by thread: [FD] hardwear.io CFP 2016 - Hardware Security Conference Call for Papers
Next by thread: [FD] Panda Security 2016 Home User Products - Privilege Escalation
Index(es):
- Date
- Thread