0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Symantec pcAnywhere Insecure File Permissions Local Privilege Escalation
======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington <edward.torkington@ngssecure.com> Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0 pcAnywhere Solution 12.5.x IT Management Suite 7.1 pcAnywhere Solution 12.6.x Risk: High Status: Fixed ======== TimeLine ======== Discovered: 23 August 2011 Released: 14 September 2011 Approved: 14 September 2011 Reported: 23 August 2011 Fixed: 24 January 2012 Published: 30 April 2012 =========== Description =========== Inadequate file permissions on application binaries could result on local privilege escalation ================= Technical Details ================= A number of key files in the C:\Program Files\Symantec\pcAnywhere\ folder are writable by any user: C:\Program Files\Symantec\pcAnywhere\WinAw32.exe Everyone:(OI)(CI)F NT AUTHORITY\SYSTEM:(OI)(CI)F C:\Program Files\Symantec\pcAnywhere\awrem32.exe Everyone:(OI)(CI)F NT AUTHORITY\SYSTEM:(OI)(CI)F C:\Program Files\Symantec\pcAnywhere\awhost32.exe Everyone:(OI)(CI)F NT AUTHORITY\SYSTEM:(OI)(CI)F It is trivial to replace these .exe (including the main pcanywhere exe, winaw32.exe with a malicious binary). When launched by the admin, privilege escalation would be gained. The awhost32.exe is set as a service under some scenarios (SYSTEM) and allows a user to privilege escalate by overwriting this binary. =============== Fix Information =============== An updated version of the software has been released to address these vulnerabilities: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security _advisory&pvid=security_advisory&year=2012&suid=20120124_00 # 0day.today [2024-12-24] #