lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041119061054.21930.qmail@www.securityfocus.com>
Date: 19 Nov 2004 06:10:54 -0000
From: Reed Arvin <reedarvin@...il.com>
To: bugtraq@...urityfocus.com
Subject: Privilege escalation flaw in AClient Service for Windows (Version
    5.6.181).




Summary:
A privilege escalation flaw exists in the AClient Service for Windows (Version 5.6.181) (http://www.altiris.com/).

Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the AClient Service for Windows tray icon.

Vulnerable Versions:
Altiris Deployment Solution 5.6 SP1 (Hotfix E)

Solutions:
The vendor was notified of the issue. There was no technical response. The vendor will not give support without a support contract.

Exploit:
1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to %WINDIR%\System32\
5. Right click on cmd.exe and choose Open
6. A new command shell with launch with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ