lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201310250951.r9P9paXs005596@sf01web1.securityfocus.com>
Date: Fri, 25 Oct 2013 09:51:36 GMT
From: nospam@...il.it
To: bugtraq@...urityfocus.com
Subject: Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine
 Invoker Servlets Remote Code Execution

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

tested against: Microsoft Windows Server 2008 R2 sp1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
the "SWS Streamlet Engine" service (as_ste.exe) listening
on public port 9832 (tcp/http) is vulnerable.
It exposes the following servlet 
http://[host]:9832/invoker/EJBInvokerServlet
http://[host]:9832/invoker/JMXInvokerServlet
due to a bundled invoker.sar
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ