Altiris Deployment Solution AClient System Tray Icon Privilege Escalation

2004-11-19T11:45:13
ID OSVDB:15897
Type osvdb
Reporter RedTeam Pentesting()
Modified 2004-11-19T11:45:13

Description

Vulnerability Description

Deployment Solution contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user activates the client interface by launching the software from an icon in the Windows system tray and uses it to launch an arbitrary program. This will cause the program to run with the same privileges as the Altiris client allowing local privilege escalation.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Deployment Solution contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user activates the client interface by launching the software from an icon in the Windows system tray and uses it to launch an arbitrary program. This will cause the program to run with the same privileges as the Altiris client allowing local privilege escalation.

Manual Testing Notes

  1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File
  2. Notepad should open. Click File, click Open
  3. In the Files of type: field choose All Files
  4. Navagate to '%WINDIR%\System32'. Right click on 'cmd.exe' and choose Open
  5. A new command shell with launch with SYSTEM privileges

References:

Vendor URL: http://www.altiris.com/ Security Tracker: 1012271 Secunia Advisory ID:15159 Secunia Advisory ID:13265 Related OSVDB ID: 15896 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0253.html ISS X-Force ID: 18189 CVE-2005-1590 Bugtraq ID: 11709