Privilege escalation in Novell ZENworks clients
Novell's ZENworks Endpoint Security Management offers security features including firewalling, application control, data encryption and device control – for example, the ability to deactivate USB sticks – for its client computers. However, a software flaw allows users with restricted privileges to execute programs at SYSTEM privilege level, warn iDefense security labs.
The STEngine.exe file runs in the SYSTEM account context. Users can run it to generate diagnostic reports. To create these reports, the service calls dynamically generated scripts for system information collection from a directory to which all users may write. The service also attempts to locate a cmd.exe shell in this directory and calls it from there if it is found. Malicious users can place an arbitrary program called cmd.exe in the directory, and this program will be executed with SYSTEM level privileges when a report is generated.
According to iDefense, the vulnerability affects version 3.5.0.20 and possibly older versions of Novell's ZENworks Endpoint Security Management. Novell has made version 3.5.0.82 available for download, which is said to no longer include the flaw. Administrators are advised to install the updated version on clients at their earliest convenience.
- Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability, iDefense security advisory
- Download the updated version 3.5.0.82 of Novell's ZENworks Endpoint Security Management
(mba)