Peanut shell (PeanutHull) local privilege escalation vulnerability analysis - vulnerability warning - the black bar safety net

2007-09-10T00:00:00
ID MYHACK58:62200716864
Type myhack58
Reporter Anonymous
Modified 2007-09-10T00:00:00

Description

Affected products:

PeanutHull <= 3.0.1.0

Review:

Network Domain Technology is described as the world's largest DDNS (dynamic domain name) provider. Peanut shell (PeanutHull) is the client they provide. For more information, see http://www.oray.net

Specific details:

The vulnerability arises because the PeanutHull client's system tray icon does not properly drop SYSTEM privileges.

A local unprivileged user can use the system tray icon to execute arbitrary commands with SYSTEM privileges.

Exploit:
1. Double-click the PeanutHull icon in the taskbar to open the PeanutHull window
2. Click "Help" to open the "forum"
3. In the address bar of the IE window that pops up, enter C:\
4. Browse to %WINDIR%\System32\
5. Click to open cmd.exe
6. The cmd.exe that opens is running with SYSTEM privileges

Successful exploitation of this vulnerability yields SYSTEM privileges.
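The steps above leave a recognizable process chain that a defender can look for: a browser started under the SYSTEM account, followed by a shell started from that browser. The following is an added example, not part of the original advisory; field names follow Windows Security event 4688, while the watch lists, the hypothetical ddnsclient.exe and all sample events are constructed assumptions.

```python
import ntpath

SYSTEM_SID = "S-1-5-18"  # well-known SID of LocalSystem
UI_HOSTS = {"iexplore.exe", "explorer.exe", "hh.exe"}  # assumed watch list
SHELLS = {"cmd.exe", "powershell.exe", "cscript.exe", "wscript.exe"}  # assumed

def image(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def find_system_ui_escapes(events):
    """Flag browsers/file managers started as SYSTEM and anything they spawn.

    `events` are 4688-style dicts in chronological order. PID reuse is ignored.
    """
    system_ui_pids, findings = set(), []
    for ev in events:
        if ev.get("SubjectUserSid") != SYSTEM_SID:
            continue
        new_pid = int(ev["NewProcessId"], 16)   # PIDs are logged as hex strings
        parent_pid = int(ev["ProcessId"], 16)   # creator process
        name = image(ev["NewProcessName"])
        if name in UI_HOSTS:
            system_ui_pids.add(new_pid)
            findings.append(("ui-as-system", name, new_pid))
        elif parent_pid in system_ui_pids:
            rule = "shell-from-system-ui" if name in SHELLS else "child-of-system-ui"
            findings.append((rule, name, new_pid))
    return findings

def make_event(sid, new_pid, path, parent_pid):
    return {"SubjectUserSid": sid, "NewProcessId": new_pid,
            "NewProcessName": path, "ProcessId": parent_pid}

USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed
# Constructed sample: a SYSTEM service (hypothetical ddnsclient.exe) opens its
# help link in IE, and a shell is then started from that IE window. The last
# two events show the same chain under an ordinary user, which is not flagged.
SAMPLE_EVENTS = [
    make_event(SYSTEM_SID, "0x4d0", r"C:\Program Files\Example\ddnsclient.exe", "0x2a8"),
    make_event(SYSTEM_SID, "0x9c4", r"C:\Program Files\Internet Explorer\iexplore.exe", "0x4d0"),
    make_event(SYSTEM_SID, "0xa10", r"C:\Windows\System32\cmd.exe", "0x9c4"),
    make_event(USER_SID, "0xb20", r"C:\Program Files\Internet Explorer\iexplore.exe", "0x6f0"),
    make_event(USER_SID, "0xb64", r"C:\Windows\System32\cmd.exe", "0xb20"),
]

if __name__ == "__main__":
    for finding in find_system_ui_escapes(SAMPLE_EVENTS):
        print(finding)
```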

Vendor reply:

2005.07.13 Vendor notified by email.
2005.07.14 Vendor responded that the issue would be fixed in the official 3.0 release.
2005.07.20 PeanutHull 3.0 official version released.
2005.07.20 This announcement published.

Update:

While verifying this vulnerability, Secunia found that the latest version, 3.0.1.0, still has this defect. A local user can send a SW_SHOW message to bring up the PeanutHull window and thereby escalate privileges.

2005.07.21 Test code published.

Exploit: http://secway.org/exploit/PeanutHull_Local.rar or see the attachment.

Solution: None. Watch for a patch from Network Domain Technology.

Attachment: PeanutHull_Local.rar