In association with heise online

07 January 2008, 10:14

Privilege escalation in Novell ZENworks clients

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell's ZENworks Endpoint Security Management offers security features including firewalling, application control, data encryption and device control – for example, the ability to deactivate USB sticks – for its client computers. However, a software flaw allows users with restricted privileges to execute programs at SYSTEM privilege level, warn iDefense security labs.

The STEngine.exe file runs in the SYSTEM account context. Users can run it to generate diagnostic reports. To create these reports, the service calls dynamically generated scripts for system information collection from a directory to which all users may write. The service also attempts to locate a cmd.exe shell in this directory and calls it from there if it is found. Malicious users can place an arbitrary program called cmd.exe in the directory, and this program will be executed with SYSTEM level privileges when a report is generated.

According to iDefense, the vulnerability affects version 3.5.0.20 and possibly older versions of Novell's ZENworks Endpoint Security Management. Novell has made version 3.5.0.82 available for download, which is said to no longer include the flaw. Administrators are advised to install the updated version on clients at their earliest convenience.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735757
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit