Vulners
Lucene search
OpenVPN Private Tunnel Core Service Unquoted Service Path Elevation Of Privilege
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2014-5455 | 25 Aug 201416:00 | – | cve |
 | CVE-2014-5455 | 25 Aug 201416:00 | – | cvelist |
 | EUVD-2014-5342 | 7 Oct 202500:30 | – | euvd |
 | HPSBGN3551 rev. 2- HP Hotkey, Escalation of Privilege | 4 Nov 201600:00 | – | hp |
 | CVE-2014-5455 | 25 Aug 201416:55 | – | nvd |
 | Microsoft Windows Unquoted Path Vulnerability (SMB Login) | 23 Mar 201800:00 | – | openvas |
 | Design/Logic Flaw | 25 Aug 201416:55 | – | prion |
 | PT-2014-6485 | 25 Aug 201400:00 | – | ptsecurity |
 | Microsoft Windows Unquoted Service Path Enumeration | 5 Dec 201200:00 | – | nessus |
 | CVE-2014-5455 | 25 Aug 201416:00 | – | vulnrichment |
10
<html><body><p>OpenVPN Private Tunnel Core Service Unquoted Service Path Elevation Of Privilege
Vendor: OpenVPN Technologies, Inc
Product web page: http://www.openvpn.net
Affected version: 2.1.28.0 (PrivateTunnel 2.3.8)
Summary: Private Tunnel is a new approach to true Internet security creating
a Virtual Private Tunnel (VPT) or Virtual Private Network (VPN) that encrypts,
privatizes, and protects your Internet traffic.
Desc: Private Tunnel application suffers from an unquoted search path issue
impacting the Core Service 'ptservice' service for Windows deployed as part
of PrivateTunnel bundle. This could potentially allow an authorized but
non-privileged local user to execute arbitrary code with elevated privileges
on the system. A successful attempt would require the local user to be able
to insert their code in the system root path undetected by the OS or other
security applications where it could potentially be executed during application
startup or reboot. If successful, the local user's code would execute with the
elevated privileges of the application.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows XP Professional SP3 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5192
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php
07.07.2014
---
C:\Users\user>sc qc ptservice
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ptservice
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Private Tunnel Core Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\user>icacls "C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe"
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Users\user>
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Jul 2014 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 26.9
CVSS 3.15.3
EPSS0.00158
SSVC