Full Disclosure mailing list archives
Privilege escalation flaw in the AClient Service for Windows (Version 5.6.181).
From: Reed Arvin <reedarvin () gmail com>
Date: Mon, 29 Nov 2004 08:49:12 -0700
Summary: A privilege escalation flaw exists in the AClient Service for Windows (Version 5.6.181) (http://www.altiris.com/). Details: A privilege escalation technique can be used to gain SYSTEM level access while interacting with the AClient Service for Windows tray icon. Vulnerable Versions: Altiris Deployment Solution 5.6 SP1 (Hotfix E) Solutions: The vendor was notified of the issue. There was no technical response. The vendor will not give support without a support contract. Exploit: 1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File 2. Notepad should open. Click File, click Open 3. In the Files of type: field choose All Files 4. Navagate to %WINDIR%\System32\ 5. Right click on cmd.exe and choose Open 6. A new command shell with launch with SYSTEM privileges Discovered by Reed Arvin reedarvin[at]gmail[dot]com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Privilege escalation flaw in the AClient Service for Windows (Version 5.6.181). Reed Arvin (Nov 29)