Vulners
Lucene search
Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation Vulnerability | 4 Sep 201700:00 | – | zdt |
 | IBM Domino Notes System Diagnostic Elevation of Privilege Vulnerability | 9 Apr 201500:00 | – | cnvd |
 | CVE-2015-0179 | 6 Apr 201500:00 | – | cve |
 | CVE-2015-0179 | 6 Apr 201500:00 | – | cvelist |
 | EUVD-2015-0217 | 7 Oct 202500:30 | – | euvd |
 | Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation | 2 Sep 201700:00 | – | exploitpack |
 | KLA10533 Multiple vulnerabilities in IBM domino | 5 Apr 201500:00 | – | kaspersky |
 | CVE-2015-0179 | 6 Apr 201500:59 | – | nvd |
 | IBM Domino Multiple Vulnerabilities (May 2015) | 8 May 201500:00 | – | openvas |
 | Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation | 2 Sep 201700:00 | – | packetstorm |
10
# Exploit Title: Lotus Notes Diagnostic Tool (nsd.exe) Privelege Escalation
# Date: 02-09-2017
# Exploit Author: ParagonSec
# Website: https://github.com/paragonsec
# Version: 8.5 & 9.0
# Tested on: Windows 7 Enterprise
# CVE: CVE-2015-0179
# Vendor CVE URL: http://www-01.ibm.com/support/docview.wss?uid=swg21700029
# Category: Local & Privilege Escalation Exploit
1. Description
Lotus Notes Diagnostic Tool (nsd.exe) runs under NT Authority/System rights.
This can be leveraged to run a program under the System context and elevate
local privileges.
2. Proof of Concept
First you need to execute nsd.exe under the monitor/CLI mode:
> nsd.exe -monitor
Next, after NSD finishes loading you can execute any program under the System context. In this example we will execute CMD.
nsd> LOAD CMD
You will see that cmd is opened as System now.
Also, NSD can be used to attach, kill processes or create memory dumps under the System context.
3. Solution:
This has been fixed on release 9.0.1 FP3 and 8.5.3 FP6.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Sep 2017 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 27.2
EPSS0.00692