Peanut shell local privilege escalation vulnerability
Last updated: 2005.09.24
English: http://secway.org/advisory/AD20050720EN.txt
Chinese: http://secway.org/advisory/AD20050720CN.txt
CVE: CAN-2005-2382
BID: 14330
PeanutHull <= 184.108.40.206
Network Domain Technology is known as the world's largest DDNS (dynamic domain name) provider. Peanut Shell is the client they provide. For more information, see http://www.oray.net
The vulnerability arises mainly because the Peanut Shell client's system tray icon does not properly drop SYSTEM privileges.
A local unprivileged user can use the system tray icon to execute arbitrary commands with SYSTEM privileges.
Steps to reproduce:
1. Double-click the Peanut Shell icon in the taskbar to open the Peanut Shell window
2. Click "Help" to open the "forum"
3. In the address bar of the IE window that pops up, enter C:\
4. Navigate to %WINDIR%\System32\
5. Click to open cmd.exe
6. cmd.exe then opens, running with SYSTEM privileges
Successful exploitation of this vulnerability may yield SYSTEM privileges.
2005.07.13 Vendor notified by email.
2005.07.14 Vendor responded that the issue would be fixed in the official 3.0 version.
2005.07.20 Peanut Shell 3.0 official version released.
2005.07.20 This announcement.
While verifying this vulnerability, Secunia found that the latest version, 3.0.1.0, still contains this defect. A local user can send a SW_SHOW message to bring up the Peanut Shell window and thereby escalate privileges.
2005.07.21 test code published
Solution: None. Peanut Shell users should restrict access by ordinary users, and keep watching for a patch from Network Domain Technology.
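
With no fix available, the chain in the steps above (a SYSTEM-level tray client opens IE, and IE then launches cmd.exe as SYSTEM) can be looked for in process-creation records. The following is an added example, not part of the original advisory; the record format, the sample events and the client name "ddns_client.exe" are constructed assumptions.

```python
# Added example: all event records below are constructed sample data.
SYSTEM = "NT AUTHORITY\\SYSTEM"
BROWSERS = {"iexplore.exe"}          # window opened by the Help -> forum link
SHELLS = {"cmd.exe", "command.com"}  # interpreters worth alerting on

# Constructed process-creation records (pid, ppid, image, user).
# "ddns_client.exe" is a placeholder name for the SYSTEM-level tray client.
EVENTS = [
    {"pid": 400, "ppid": 4, "image": "services.exe", "user": SYSTEM},
    {"pid": 912, "ppid": 400, "image": "ddns_client.exe", "user": SYSTEM},
    {"pid": 1500, "ppid": 912, "image": "iexplore.exe", "user": SYSTEM},
    {"pid": 1620, "ppid": 1500, "image": "cmd.exe", "user": SYSTEM},
    {"pid": 2000, "ppid": 1200, "image": "explorer.exe", "user": "PC\\alice"},
    {"pid": 2100, "ppid": 2000, "image": "iexplore.exe", "user": "PC\\alice"},
    {"pid": 2200, "ppid": 2000, "image": "cmd.exe", "user": "PC\\alice"},
    {"pid": 3000, "ppid": 400, "image": "cmd.exe", "user": SYSTEM},
]


def ancestry(event, by_pid):
    """Return the chain of events from `event` up to the oldest known parent."""
    chain, seen = [], set()
    while event is not None and event["pid"] not in seen:
        seen.add(event["pid"])   # guard against loops caused by PID reuse
        chain.append(event)
        event = by_pid.get(event["ppid"])
    return chain


def find_system_shell_escapes(events):
    """Flag SYSTEM shells that descend from a browser also running as SYSTEM."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if e["image"].lower() not in SHELLS or e["user"] != SYSTEM:
            continue
        chain = ancestry(e, by_pid)
        if any(a["image"].lower() in BROWSERS and a["user"] == SYSTEM
               for a in chain[1:]):
            findings.append(" <- ".join(a["image"] for a in chain))
    return findings


if __name__ == "__main__":
    for line in find_system_shell_escapes(EVENTS):
        print("ALERT:", line)
```

A browser running as SYSTEM is itself worth an alert; the shell check narrows the output to cases where that browser was used to start a command interpreter.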