| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f5cdeb19050812074970ed9abc@mail.gmail.com> Date: Fri, 12 Aug 2005 09:49:43 -0500 From: Jeff Peadro <jeff.peadro@...il.com> To: bugtraq@...urityfocus.com, full-disclosure-bounces@...ts.grok.org.uk, vuln@...unia.com, news@...uriteam.com, full-disclosure@...ts.grok.org.uk Subject: FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030 Updated to add additional version & exploit details. Reps to Crime Dog Vulnerable Versions: Nortel Contivity VPN Client V05_01.100 Patches/Workarounds: Good question Exploit: 1. With the Contivity client open click go into "Group Authentication Options" 2. Select "Challenge Response Token" options. 3. Click on the "Software Token Directory" browse button. 4. Change Files of type: to All Files, navigate to the system32 directory and locate cmd.exe. Right click cmd.exe and choose Open. The result is a command prompt running under the context of the LocalSystem account. Discovered by Crime Dog thecrimedog[at]sbcglobal[dot]net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists