Privilege escalation flaw in AClient Service for Windows (Version 5.6.181).

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Privilege escalation flaw in AClient Service for Windows (Version 5.6.181).
From: Reed Arvin <reedarvin@xxxxxxxxx>
Date: 19 Nov 2004 06:10:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Summary:
A privilege escalation flaw exists in the AClient Service for Windows (Version 
5.6.181) (http://www.altiris.com/).

Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the AClient Service for Windows tray icon.

Vulnerable Versions:
Altiris Deployment Solution 5.6 SP1 (Hotfix E)

Solutions:
The vendor was notified of the issue. There was no technical response. The 
vendor will not give support without a support contract.

Exploit:
1. Right click on the Altiris Client Service icon in the Taskbar and choose 
View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to %WINDIR%\System32\
5. Right click on cmd.exe and choose Open
6. A new command shell with launch with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

Prev by Date: EXEC exploit in phpBB - new release
Next by Date: MDKSA-2004:136 - Updated samba packages fix remote vulnerability
Previous by thread: EXEC exploit in phpBB - new release
Next by thread: MDKSA-2004:136 - Updated samba packages fix remote vulnerability
Index(es):
- Date
- Thread