aclient.txt

2004-11-20T00:00:00
ID PACKETSTORM:35100
Type packetstorm
Reporter Reed Arvin
Modified 2004-11-20T00:00:00

Description

                                        
Summary:  
A privilege escalation flaw exists in the AClient Service for Windows (Version 5.6.181) (http://www.altiris.com/).  
  
Details:  
A privilege escalation technique can be used to gain SYSTEM level  
access while interacting with the AClient Service for Windows tray icon.  
  
Vulnerable Versions:  
Altiris Deployment Solution 5.6 SP1 (Hotfix E)  
  
Solutions:  
The vendor was notified of the issue. There was no technical response. The vendor will not give support without a support contract.  
  
Exploit:  
1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File  
2. Notepad should open. Click File, click Open  
3. In the Files of type: field choose All Files  
4. Navigate to %WINDIR%\System32\  
5. Right click on cmd.exe and choose Open  
6. A new command shell will launch with SYSTEM privileges  
  
Discovered by Reed Arvin reedarvin[at]gmail[dot]com  
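
A defender-side check for the process chain in the steps above, as an added example that is not part of the original advisory: it scans process-creation records for a notepad.exe running as SYSTEM and reports every process started beneath it. The sample records are constructed, the field names follow Sysmon Event ID 1, and the service path is a placeholder.

```python
import ntpath

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
# GUI programs whose File > Open dialog can start other programs.
DIALOG_HOSTS = {"notepad.exe"}

# Constructed sample records (Sysmon Event ID 1 field names), in creation
# order. The service path is a placeholder, not a value from the advisory.
SAMPLE_EVENTS = [
    {"ProcessId": 900, "ParentProcessId": 500, "User": SYSTEM_USER,
     "Image": r"C:\placeholder\service.exe"},
    {"ProcessId": 1200, "ParentProcessId": 900, "User": SYSTEM_USER,
     "Image": r"C:\WINDOWS\system32\notepad.exe"},
    {"ProcessId": 1344, "ParentProcessId": 1200, "User": SYSTEM_USER,
     "Image": r"C:\WINDOWS\system32\cmd.exe"},
    {"ProcessId": 1400, "ParentProcessId": 1344, "User": SYSTEM_USER,
     "Image": r"C:\WINDOWS\system32\ipconfig.exe"},
    # Ordinary user running the same programs: must not be reported.
    {"ProcessId": 2000, "ParentProcessId": 1500, "User": "WORKSTATION\\alice",
     "Image": r"C:\WINDOWS\system32\notepad.exe"},
    {"ProcessId": 2100, "ParentProcessId": 2000, "User": "WORKSTATION\\alice",
     "Image": r"C:\WINDOWS\system32\cmd.exe"},
]


def image_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def find_system_dialog_children(events):
    """Return (host_pid, pid, image) for every process created beneath a
    SYSTEM-owned dialog host. PID reuse is ignored for brevity."""
    origin = {}  # pid -> pid of the SYSTEM dialog host it descends from
    alerts = []
    for ev in events:
        pid, ppid = ev["ProcessId"], ev["ParentProcessId"]
        if ppid in origin:
            origin[pid] = origin[ppid]
            alerts.append((origin[pid], pid, image_name(ev["Image"])))
        elif (ev["User"].upper() == SYSTEM_USER
              and image_name(ev["Image"]) in DIALOG_HOSTS):
            origin[pid] = pid
    return alerts


if __name__ == "__main__":
    for host, pid, image in find_system_dialog_children(SAMPLE_EVENTS):
        print(f"ALERT: {image} (pid {pid}) descends from SYSTEM dialog host pid {host}")
```
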