lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <E525222439A3D111B5F600609712CBEDA25396@mail.biac.duke.edu>
From: francis.favorini at duke.edu (Francis Favorini)
Subject: RE: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability
 [iDEFENSE]

bashis [mailto:mcw@....se] wrote...
> There is a trick to get SYSTEM shell in VirusScan Enterprise 
> 7.1.0 and the 'brand' new version 8.0.0 also.
> 
> Do a new task, for a example "Update" and choose a program to 
> run after the task, do this task to run with a schedule, 
> efter this task is done the chosen program is running with 
> SYSTEM priviligies.

In my experience, non-admin users cannot add or edit tasks on VirusScan
Enterprise 7.1 (on Win XP).  In fact they cannot change any settings.  They
can only start an existing scan or update task.  Perhaps you have relaxed
permissions on HKLM\Software\Network Associates\TVD?  Ours are set to Read
for the Users group (inherited from HKLM\Software).  Or maybe your users are
running as Power Users?  Also, you can set a password on the user interface
to prevent changing the settings of your choice.

-Francis


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ