eTrust Antivirus Agent r8 Local Privilege Elevation Exploit
[code]/*----------------------------------------------------------------------
| 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8 |
----------------------------------------------------------------------
Affected versions :
I have tested with:
- eTrust Antivirus Agent r8 - [url]http://www3.ca.com/solutions/Product.aspx?ID=156[/url]
(With INOCORE.DLL 8.0.403.0) under XPSP2 and W2KSP4)
Description :
eTrust Antivirus r8 is prone to a stack-based buffer overflow vulnerability.
The Affected component is "eTrust Task service" running as a Windows service,
the executable file is located at:
"%PROGRAMFILES%\CA\eTrustITM\InoTask.exe"
eTrust Task service uses a shared file mapping named "INOQSIQSYSINFO" as an
IPC mechanism, this file mapping have a NULL security descriptor so anyone
can view/modify it. This mapping contains information about scheduled tasks,
including a field where is specified the file job
页:
[1]