DameWare Mini-RC Shatter
From: ash () felinemenace org
Date: Wed, 13 Aug 2003 01:46:41 -0700
Program: DameWare Mini Remote Control Server
Version: Prior to 22.214.171.124
Impact: Users can escalate to SYSTEM
Writeup and exploits: ash
From DameWare Development web site:
A lightweight remote control intended primarily for administrators
and help desks for quick and easy deployment without external
dependencies and machine reboot. Developed specifically for the 32 bit
Windows environment (Windows 95/98/Me/NT/2000/XP), DameWare Mini Remote
Control is capable of using the Windows challenge/response authentication
and is able to be run both as an application and a service.
Some additional features include View Only, Cursor control, Remote
Clipboard, Performance Settings, Inactivity control, TCP only,
Service Installation and Ping.
DameWare Mini Remote Control Server runs on the user's desktop as SYSTEM.
This is vulnerable to a shatter-style attack.
See below for a fix that resolves all currently known issues.
As a guest user, exploitation results in
F:\Program Files\Resource Kit>WHOAMI.EXE
This type of vulnerability requires some access to a desktop
with DameWare server running.
This is a local privilege escalation vulnerability.
Proof of concept code to exploit this vulnerability is attached.
Check your process list for DWRCS.exe running as SYSTEM
Check the version.
5) Vendor status/notes/fixes/statements
Dameware Development has repaired all current known vulnerabilities.
Dameware Development will continue researching and developing alternate
development methods to ensure their software remains secure.
A fix is available from Dameware Development by downloading version
126.96.36.199 or later from their website.
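
The detection check described above (look for DWRCS.exe running as SYSTEM, then check its version), written as an added PowerShell example that is not part of the original advisory. The `-FixedVersion` parameter is an assumption of this example; pass the fixed version number given in the vendor section.

```powershell
# Added example: report every DWRCS.exe process, whether it runs as SYSTEM,
# and whether its file version is older than the vendor's fixed version.
param(
    # Fixed version from the advisory's vendor section, supplied by the operator.
    [Parameter(Mandatory = $true)]
    [version]$FixedVersion
)

$findings = foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'DWRCS.exe'") {
    # S-1-5-18 is the well-known SID of LocalSystem; comparing the SID avoids
    # depending on the (localizable) account name.
    $sidResult = Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid
    $ownerSid  = if ($sidResult.ReturnValue -eq 0) { $sidResult.Sid } else { $null }

    # ExecutablePath is empty when the caller lacks rights to query the process,
    # so the version can legitimately be unknown.
    $fileVersion = $null
    if ($proc.ExecutablePath -and (Test-Path -LiteralPath $proc.ExecutablePath)) {
        $vi = (Get-Item -LiteralPath $proc.ExecutablePath).VersionInfo
        # Build the version from the numeric parts rather than parsing the
        # vendor-formatted FileVersion string.
        $fileVersion = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    }

    $status = if ($null -eq $fileVersion) {
        'version unknown, check manually'
    } elseif ($fileVersion -lt $FixedVersion) {
        'older than fixed version'
    } else {
        'at or above fixed version'
    }

    [pscustomobject]@{
        ProcessId    = $proc.ProcessId
        Path         = $proc.ExecutablePath
        RunsAsSystem = ($ownerSid -eq 'S-1-5-18')
        FileVersion  = $fileVersion
        Status       = $status
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No DWRCS.exe process found on this host.'
}
```

Run it from an elevated session; without sufficient rights the owner SID and executable path of a SYSTEM process may not be readable.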