|
Full Disclosure
mailing list archives
RE: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]
From: Francis Favorini <francis.favorini () duke edu>
Date: Wed, 15 Sep 2004 19:14:51 -0400
bashis [mailto:mcw () wcd se] wrote...
There is a trick to get SYSTEM shell in VirusScan Enterprise
7.1.0 and the 'brand' new version 8.0.0 also.
Do a new task, for a example "Update" and choose a program to
run after the task, do this task to run with a schedule,
efter this task is done the chosen program is running with
SYSTEM priviligies.
In my experience, non-admin users cannot add or edit tasks on VirusScan
Enterprise 7.1 (on Win XP). In fact they cannot change any settings. They
can only start an existing scan or update task. Perhaps you have relaxed
permissions on HKLM\Software\Network Associates\TVD? Ours are set to Read
for the Users group (inherited from HKLM\Software). Or maybe your users are
running as Power Users? Also, you can set a password on the user interface
to prevent changing the settings of your choice.
-Francis
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
