F-Secure BackWeb Local Privilege Escalation Vulnerability
BID:10055
Info
F-Secure BackWeb Local Privilege Escalation Vulnerability
| Bugtraq ID: | 10055 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Apr 06 2004 12:00AM |
| Credit: | Ian Vitek is credited with disclosing this vulnerability. |
| Vulnerable: |
F-Secure BackWeb 6.31 |
| Not Vulnerable: | |
Discussion
F-Secure BackWeb Local Privilege Escalation Vulnerability
A vulnerability has been reported in F-Secure BackWeb that may permit local attackers to gain system level privileges. The source of this vulnerability is that certain areas within the BackWeb interface permit arbitrary programs to be invoked with LOCAL SYSTEM privileges.
The F-Secure BackWeb component appears to be included in a number of other products, including various F-Secure Anti-Virus releases, F-Secure Internet Gatekeeper and F-Secure Policy Manager.
A vulnerability has been reported in F-Secure BackWeb that may permit local attackers to gain system level privileges. The source of this vulnerability is that certain areas within the BackWeb interface permit arbitrary programs to be invoked with LOCAL SYSTEM privileges.
The F-Secure BackWeb component appears to be included in a number of other products, including various F-Secure Anti-Virus releases, F-Secure Internet Gatekeeper and F-Secure Policy Manager.
Exploit / POC
F-Secure BackWeb Local Privilege Escalation Vulnerability
The following examples were provided:
To reproduce on Window NT 4:
- Start BackWeb from the systray, press F1, press F1, Help about change font or color, Click on more information at the end (and view the information about the desktop), Click on the link "Screen settings", Backgound, Browse, Start CMD.EXE.
To reproduce on Windows XP:
- Create a local printer (to file), Right click on the BackWeb icon on the systray and choose "Display Channel Status", Help, Print, Add a new printer, Start explorer from any link (like "Why driver signing is imortant" or "Windows logo program"), Start CMD.EXE.
The following examples were provided:
To reproduce on Window NT 4:
- Start BackWeb from the systray, press F1, press F1, Help about change font or color, Click on more information at the end (and view the information about the desktop), Click on the link "Screen settings", Backgound, Browse, Start CMD.EXE.
To reproduce on Windows XP:
- Create a local printer (to file), Right click on the BackWeb icon on the systray and choose "Display Channel Status", Help, Print, Add a new printer, Start explorer from any link (like "Why driver signing is imortant" or "Windows logo program"), Start CMD.EXE.
Solution / Fix
F-Secure BackWeb Local Privilege Escalation Vulnerability
Solution:
F-Secure has released an update to address this issue.
F-Secure BackWeb 6.31
Solution:
F-Secure has released an update to address this issue.
F-Secure BackWeb 6.31
-
F-Secure BW_631_hotfix.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsbw/BW_631_hotfix.fsfix
References
F-Secure BackWeb Local Privilege Escalation Vulnerability
References:
References:
- F-Secure BackWeb Homepage (F-Secure)