APG Classmaster Workstation Windows SMB share access vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: APG Classmaster Workstation Windows SMB share access vulnerability
From: Alex Garrett <alex@xxxxxxxxxxxxxxxxxxx>
Date: 21 Apr 2005 11:50:33 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Greetings,

This vulnerability affects (I believe) all APG Classmaster Workstation
versions. It remains a problem as an attacker can access shares with full 
permissions over a LAN.

An attackers needs to issue a simple command in an MSDOS prompt (using the net 
windows application), mapping an account to a specified drive, as below:

net use [drive]: \\[server]\[user]$

A DIR command at this stage gives an access denied error. Knowing the name of 
the files area (which will be the same for each user) can lead to changing 
directory to that folder...

cd 'My files'

An attacker now has full permissions on a selected users 'my files' area.



Alex Garrett

Prev by Date: [PLSN-0001] - Multiple PHP vulnerabilities
Next by Date: TSLSA-2005-0013 - cvs
Previous by thread: [PLSN-0001] - Multiple PHP vulnerabilities
Next by thread: TSLSA-2005-0013 - cvs
Index(es):
- Date
- Thread