Peanut Shell (PeanutHull) local privilege escalation vulnerability

2006-01-15T00:00:00
ID MYHACK58:6220066387
Type myhack58
Reporter Anonymous
Modified 2006-01-15T00:00:00

Description

Peanut shell local privilege escalation vulnerability

by Sowhat

Last updated: 2005.09.24

English: http://secway.org/advisory/AD20050720EN.txt
Chinese: http://secway.org/advisory/AD20050720CN.txt

CVE: CAN-2005-2382 BID: 14330

Affected products:

PeanutHull <= 3.0.1.0

Overview:

Network Domain Technology (the vendor) is described as the world's largest DDNS (dynamic domain name service) provider. Peanut Shell (PeanutHull) is the client it provides. For more information, see http://www.oray.net

Specific details:

The vulnerability exists mainly because the Peanut Shell client's system tray icon does not properly drop SYSTEM privileges.

A local unprivileged user can use the system tray icon to execute arbitrary commands with SYSTEM privileges.

Exploit:
1. Double-click the Peanut Shell icon in the taskbar to open the Peanut Shell window
2. Click "Help" to open the "forum"
3. In the address bar of the IE window that pops up, enter C:\
4. Switch to %WINDIR%\System32\
5. Click to open cmd.exe
6. The cmd.exe that opens then runs with SYSTEM privileges

Successful exploitation of this vulnerability may give the attacker SYSTEM privileges.
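A detection-side view of the chain above, as an added example that is not part of the original advisory: it walks process-creation records and flags browser or shell processes owned by SYSTEM, reporting the SYSTEM ancestors that launched them. The record layout, the PIDs, the account names and the client's image path (a placeholder) are all constructed assumptions.

```python
import ntpath

# Constructed records: (pid, parent pid, image path, account). The DDNS
# client path is a placeholder; the advisory does not give the real one.
SAMPLE_EVENTS = [
    (1180, 700, r"C:\placeholder\ddns-client.exe", "NT AUTHORITY\\SYSTEM"),
    (2040, 1180, r"C:\Program Files\Internet Explorer\iexplore.exe",
     "NT AUTHORITY\\SYSTEM"),
    (2212, 2040, r"C:\WINDOWS\system32\cmd.exe", "NT AUTHORITY\\SYSTEM"),
    (1500, 1432, r"C:\WINDOWS\explorer.exe", "PC1\\alice"),
    (2300, 1500, r"C:\WINDOWS\system32\cmd.exe", "PC1\\alice"),
]

# Programs a user drives interactively; SYSTEM should not normally own them.
INTERACTIVE = {"iexplore.exe", "explorer.exe", "cmd.exe"}
SYSTEM = "nt authority\\system"


def find_system_interactive(events):
    """Return (pid, chain) for interactive programs running as SYSTEM.

    chain lists the flagged image followed by its SYSTEM-owned ancestors,
    so the launching process (here the tray client) is visible.
    """
    by_pid = {pid: (ppid, image, user) for pid, ppid, image, user in events}
    findings = []
    for pid, (ppid, image, user) in by_pid.items():
        name = ntpath.basename(image).lower()
        if user.lower() != SYSTEM or name not in INTERACTIVE:
            continue
        chain, seen, cur = [name], {pid}, ppid
        # Walk upwards; stop at unknown parents, loops, or non-SYSTEM owners.
        while cur in by_pid and cur not in seen:
            seen.add(cur)
            p_ppid, p_image, p_user = by_pid[cur]
            if p_user.lower() != SYSTEM:
                break
            chain.append(ntpath.basename(p_image).lower())
            cur = p_ppid
        findings.append((pid, " <- ".join(chain)))
    return findings


if __name__ == "__main__":
    for pid, chain in find_system_interactive(SAMPLE_EVENTS):
        print(pid, chain)
```

A SYSTEM-owned cmd.exe can also come from services and scheduled tasks, so the ancestor chain is what makes a finding worth triaging.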

Vendor reply:

2005.07.13 vendor notified by email
2005.07.14 vendor responded that the issue would be fixed in the 3.0 official release
2005.07.20 Peanut Shell 3.0 official release published
2005.07.20 this advisory published

Update:

While verifying this vulnerability, Secunia found that the latest version, 3.0.1.0, still has this defect. A local user can send a SW_SHOW message to bring up the Peanut Shell window and thereby elevate privileges.

2005.07.21 test code published

Exploit: http://secway.org/exploit/PeanutHull_Local.rar

Solution: None. Peanut Shell users should restrict access by ordinary users and watch for a patch from Network Domain Technology.