ID PACKETSTORM:35100 Type packetstorm Reporter Reed Arvin Modified 2004-11-20T00:00:00
Description
`
Summary:
A privilege escalation flaw exists in the AClient Service for Windows (Version 5.6.181) (http://www.altiris.com/).
Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the AClient Service for Windows tray icon.
Vulnerable Versions:
Altiris Deployment Solution 5.6 SP1 (Hotfix E)
Solutions:
The vendor was notified of the issue. There was no technical response. The vendor will not give support without a support contract.
Exploit:
1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to %WINDIR%\System32\
5. Right click on cmd.exe and choose Open
6. A new command shell with launch with SYSTEM privileges
Discovered by Reed Arvin reedarvin[at]gmail[dot]com
`
{"hash": "56e73f26c3c83aca01edb9b39f97edc40b67ecd34edd2aaa10eae4309e1b91aa", "sourceHref": "https://packetstormsecurity.com/files/download/35100/aclient.txt", "title": "aclient.txt", "id": "PACKETSTORM:35100", "published": "2004-11-20T00:00:00", "description": "", "modified": "2004-11-20T00:00:00", "sourceData": "` \n \nSummary: \nA privilege escalation flaw exists in the AClient Service for Windows (Version 5.6.181) (http://www.altiris.com/). \n \nDetails: \nA privilege escalation technique can be used to gain SYSTEM level \naccess while interacting with the AClient Service for Windows tray icon. \n \nVulnerable Versions: \nAltiris Deployment Solution 5.6 SP1 (Hotfix E) \n \nSolutions: \nThe vendor was notified of the issue. There was no technical response. The vendor will not give support without a support contract. \n \nExploit: \n1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File \n2. Notepad should open. Click File, click Open \n3. In the Files of type: field choose All Files \n4. Navagate to %WINDIR%\\System32\\ \n5. Right click on cmd.exe and choose Open \n6. A new command shell with launch with SYSTEM privileges \n \nDiscovered by Reed Arvin reedarvin[at]gmail[dot]com \n`\n", "reporter": "Reed Arvin", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "638035b16563620dd00333c8e3582fa4"}, {"key": "modified", "hash": "fd352424e478478d58ef1f94cb3dfdaf"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "fd352424e478478d58ef1f94cb3dfdaf"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f441c7804e3d3ec6703e5fe30e3bc68d"}, {"key": "sourceData", "hash": "9ec0021ccd62647b7a6049e54615ed1b"}, {"key": "sourceHref", "hash": "574e6ce894a601d0f7f77e39c3da52b2"}, {"key": "title", "hash": "3a29c2a8950b0741e7eed5c816504f79"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/35100/aclient.txt.html", "lastseen": "2016-11-03T10:16:04", "viewCount": 0, "enchantments": {"vulnersScore": 6.5}}