[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] IVPN Client for Windows 2.6.6120.33863 Privilege Escalation

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
From: Kacper Szurek <kacperszurek@xxxxxxxxx>
Date: Mon, 6 Feb 2017 16:33:16 +0100

# Exploit: IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
# Date: 06.02.2017
# Software Link: https://www.ivpn.net/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local

1. Description

It is possible to run `openvpn` as `SYSTEM` with custom openvpn.conf.

Using `--up cmd` we can execute any command.

https://security.szurek.pl/ivpn-client-for-windows-26612033863-privilege-escalation.html

2. Proof of Concept

https://github.com/kacperszurek/exploits/blob/master/IVPN/ivpn_privilege_escalation.py

3. Solution

Update to version 2.6.2

https://www.ivpn.net/setup/windows-changelog.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Teleopti WFM <= 7.1.0 Multiple Vulnerabilities
Next by Date: [FD] Remote DoS against OpenBSD http server (up to 6.0)
Previous by thread: [FD] Teleopti WFM <= 7.1.0 Multiple Vulnerabilities
Next by thread: [FD] Remote DoS against OpenBSD http server (up to 6.0)
Index(es):
- Date
- Thread