Bugtraq: Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 22 Aug 2007 20:29:51 +0400

Dear kochetkov.vladimir () gmail com,

 It looks like duplicated for CVE-2005-2454 and should be fixed in Lotus
 Notes client 7.0.2, see

 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773

 Please specify Notes client version.

--Wednesday, August 22, 2007, 2:25:28 PM, you wrote to bugtraq () securityfocus com:

kvgc> Local Privilege Escalation Through Default ntmulti.exe File Permissions

kvgc> Unprivileged users can execute arbitrary programs that run
kvgc> with the privileges of the LocalSystem account by replacing the
kvgc> Multi-user Cleanup Service executable with arbitrary executables.
kvgc> This vulnerability exists because the default file permissions
kvgc> assigned during installation to ntmulti.exe (the executable for
kvgc> the Multi-user Cleanup Service) allow unprivileged, interactive
kvgc> users to replace ntmulti.exe with any file.

kvgc> Because the Multi-user Cleanup Service is a Windows service
kvgc> running with LocalSystem privileges, unprivileged users can easily
kvgc> elevate their privileges.


-- 
~/ZARAZA http://securityvulns.com/

By Date By Thread

Current thread:

Local Privilege Escalation Vulnerabilities in Lotus Notes Client kochetkov . vladimir (Aug 22)
- Re: Local Privilege Escalation Vulnerabilities in Lotus Notes Client 3APA3A (Aug 22)