eTrust Antivirus Agent r8 Local Privilege Elevation Exploit

ring04h

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员社区主管

帖子: 3921
精华: 128
积分: 209639
阅读权限: 200
性别: 男
在线时间: 1092 小时
注册时间: 2007-10-23
最后登录: 2008-7-9

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-5-12 13:44 只看该作者

eTrust Antivirus Agent r8 Local Privilege Elevation Exploit

[code]/*
----------------------------------------------------------------------
| 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8 |
----------------------------------------------------------------------

Affected versions :

  I have tested with:

  - eTrust Antivirus Agent r8 - http://www3.ca.com/solutions/Product.aspx?ID=156
               (With INOCORE.DLL 8.0.403.0) under XPSP2 and W2KSP4)

Description :

  eTrust Antivirus r8 is prone to a stack-based buffer overflow vulnerability.

  The Affected component is "eTrust Task service" running as a Windows service,
  the executable file is located at:

  "%PROGRAMFILES%\CA\eTrustITM\InoTask.exe"

  eTrust Task service uses a shared file mapping named "INOQSIQSYSINFO" as an
  IPC mechanism, this file mapping have a NULL security descriptor so anyone
  can view/modify it. This mapping contains information about scheduled tasks,
  including a field where is specified the file job

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » eTrust Antivirus Agent r8 Local Privilege Elevation Exploit