IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
BID:25401
Info
IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
| Bugtraq ID: | 25401 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 22 2007 12:00AM |
| Updated: | Aug 31 2007 05:22PM |
| Credit: | [email protected] discovered this issue. |
| Vulnerable: |
IBM Lotus Notes 0 |
| Not Vulnerable: | |
Discussion
IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
IBM Lotus Notes is prone to a local privilege-escalation vulnerability because it fails to assign proper file permissions during installation.
Attackers can exploit this issue to run arbitrary applications with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.
NOTE: This issue may be related to the one covered under BID 20612, but his has not been confirmed. We will update this BID as more information emerges.
IBM Lotus Notes is prone to a local privilege-escalation vulnerability because it fails to assign proper file permissions during installation.
Attackers can exploit this issue to run arbitrary applications with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.
NOTE: This issue may be related to the one covered under BID 20612, but his has not been confirmed. We will update this BID as more information emerges.
Exploit / POC
IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
No specific exploit is required. An attacker can leverage this issue to run any arbitrary file with elevated privileges.
No specific exploit is required. An attacker can leverage this issue to run any arbitrary file with elevated privileges.
Solution / Fix
IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
References:
References: