Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635
Vulnerable Systems:
* Novell Inc's ZENworks Endpoint Security Management version 3.5 which includes STEngine.exe version 3.5.0.20
Immune Systems:
* Novell Inc's ZENworks Endpoint Security Management version 3.5 which includes STEngine.exe version 3.5.0.82
When the ZENworks ESM Security Client is installed on a workstation, the STEngine service is set to run under the local SYSTEM account. This service is implemented within the following executable.
File Name: STEngine.exe (1,847,296 bytes)
Version: 3.5.0.20
MD5: B5402A1EC8D04130304EBA89AF843916
The service provides functionality for any user to generate a diagnostic report in order to aid in product troubleshooting. During report generation, STEngine attempts to execute various scripts by spawning command shells to gather system information. These scripts are dynamically generated in a directory which all users may write to.
STEngine will also attempt to locate a command shell in this directory and execute it if it is found. If a malicious local user places a binary named "cmd.exe" in this directory, STEngine will execute it with SYSTEM level privileges.
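The flaw above is a binary-planting pattern: a SYSTEM service looks for a helper binary in a directory that unprivileged users can write to, so whoever drops a file of the right name there gets it executed. The following Python block is an added illustration, not code from the advisory or from Novell's product: it models the flawed lookup (first `cmd.exe` found in a search list that includes the shared scratch directory) beside a hardened lookup that always takes the shell by absolute path from the system directory. The directory layout is built in a temporary folder with empty placeholder files, and the world-writable check uses POSIX permission bits as a stand-in for the Windows DACL check a real service would need.

```python
import os
import stat
import tempfile

SHELL_NAME = "cmd.exe"


def resolve_shell_vulnerable(search_dirs):
    """Flawed lookup, modelled on the advisory: the first 'cmd.exe' found in
    any listed directory wins, including a scratch directory all users can write to."""
    for d in search_dirs:
        candidate = os.path.join(d, SHELL_NAME)
        if os.path.isfile(candidate):
            return candidate
    return None


def resolve_shell_hardened(system_root):
    """Hardened lookup: the shell is always taken by absolute path from the
    system directory; the scratch directory is never consulted."""
    return os.path.join(system_root, "System32", SHELL_NAME)


def writable_by_others(path):
    """POSIX approximation of 'all users may write here' (other-write bit set).
    On Windows the equivalent check reads the directory DACL (assumption, not shown)."""
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IWOTH)


def demo():
    """Builds a constructed fixture and returns both lookups for comparison."""
    root = tempfile.mkdtemp()
    system_root = os.path.join(root, "Windows")
    os.makedirs(os.path.join(system_root, "System32"))
    # The genuine shell lives in System32 (constructed stand-in, not a real binary).
    trusted = os.path.join(system_root, "System32", SHELL_NAME)
    open(trusted, "w").close()
    # Scratch directory that every user can write to, as the advisory describes.
    scratch = os.path.join(root, "scratch")
    os.makedirs(scratch)
    os.chmod(scratch, 0o777)
    # A file carrying the shell's name, placed in the scratch directory by a non-admin user.
    planted = os.path.join(scratch, SHELL_NAME)
    open(planted, "w").close()
    return {
        "vulnerable": resolve_shell_vulnerable([scratch, os.path.join(system_root, "System32")]),
        "hardened": resolve_shell_hardened(system_root),
        "scratch_world_writable": writable_by_others(scratch),
        "planted": planted,
        "trusted": trusted,
    }


if __name__ == "__main__":
    r = demo()
    print("scratch dir writable by others:", r["scratch_world_writable"])
    print("vulnerable lookup ->", r["vulnerable"])
    print("hardened lookup   ->", r["hardened"])
```

The point of the comparison is that the fix is not to "check the scratch directory better" but to stop consulting it for executables at all: anything a service runs as SYSTEM should come from a path only administrators can write to.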
Analysis:
Exploitation allows unprivileged local users to take complete control of the affected system.
Exploitation is trivial and does not require any special tools or coding ability. If an attacker desires an interactive command prompt, a small wrapper application will be required in order to ensure that the command window is visible after execution.
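Since the privilege gain shows up as a command shell started by a SYSTEM service from a non-system directory, it can be spotted in process-creation telemetry. The block below is an added detection example, not part of the advisory: it runs a simple rule over constructed records shaped like Sysmon process-creation fields (Image, ParentImage, User) and flags a SYSTEM-context `cmd.exe` whose directory is not one of the trusted system directories. The STEngine install path and the writable directory name are placeholders, as the advisory does not give them.

```python
import ntpath

# Directories from which a SYSTEM-level command shell is expected to run.
TRUSTED_SHELL_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}
SHELL_NAMES = {"cmd.exe"}
SYSTEM_USER = r"nt authority\system"

# Constructed process-creation records (Sysmon Event ID 1 field names); paths are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\PLACEHOLDER_INSTALL_DIR\STEngine.exe",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\PLACEHOLDER_WRITABLE_DIR\cmd.exe",
     "ParentImage": r"C:\PLACEHOLDER_INSTALL_DIR\STEngine.exe",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\PLACEHOLDER_WRITABLE_DIR\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"WORKSTATION\alice"},
]


def is_suspicious(event):
    """True when a SYSTEM-context shell is launched from outside the trusted system dirs."""
    image = event["Image"]
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    if name not in SHELL_NAMES:
        return False
    if event["User"].lower() != SYSTEM_USER:
        return False
    return directory not in TRUSTED_SHELL_DIRS


def flag(events):
    """Returns (Image, ParentImage) for every record the rule matches."""
    return [(e["Image"], e["ParentImage"]) for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for image, parent in flag(SAMPLE_EVENTS):
        print(f"SYSTEM shell from untrusted location: {image} (parent {parent})")
```

The third record is deliberately not flagged: the same planted path run by an ordinary user is not a privilege escalation, so the rule keys on the user context as well as the path. In a real deployment the parent-image field narrows the rule further to the service in question.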
Vendor response:
Novell has addressed this vulnerability by releasing version 3.5.0.82 of Endpoint Security Management. To download this new version, visit the following URL.
http://download.novell.com/Download?buildid=5Y6xbs-OKLE~
CVE Information:
CVE-2007-5665
Disclosure Timeline:
09/24/2007 - Initial vendor notification
09/25/2007 - Initial vendor response
12/24/2007 - Coordinated public disclosure