Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". A privilege escalation flaw exists in Mailtraq that allows local attackers to use the program's systray icon to gain elevated privileges.
Credit:
The information has been provided by Reed Arvin.
Vulnerable Systems:
* Mailtraq version 2.6.1.1677 and prior
Vendor response:
This does not appear to be a security hole as the Mailtraq Console is intended to be operated only by authorized administrators. The console provides direct access to user data and the ability to manipulate e-mail and other sensitive data for all users. For this reason, in environments where non-administrators may be granted physical access to the desktop we expect administrators to secure the console by password protection. (This feature is enabled in the Server Properties.) If the console is secured in this manner, standard dialog functions such as that you described are only available to administrators.
Exploit:
1. Double click on the Mailtraq icon in the Taskbar
2. Right click in the right text pane and choose View Source
3. Notepad should open. Click File, click Open
4. In the Files of type: field choose All Files
5. Navigate to %WINDIR%\System32\
6. Right click on cmd.exe and choose Open
7. A command prompt will launch with SYSTEM privileges
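The steps above leave a distinctive parent chain in process-creation telemetry: a SYSTEM-level console, an editor opened from it, then a shell inherited from the editor. The following Python, added here as a defender-side example and not part of the original advisory, flags that chain over constructed process-creation records; the console image name `mailtraq_console.exe` is a placeholder, since the advisory does not name the executable.

```python
"""Flag a SYSTEM shell inherited from an editor spawned by a SYSTEM-level GUI console
(the Mailtraq chain: console -> notepad.exe via View Source -> cmd.exe via File/Open)."""
from dataclasses import dataclass

SHELLS = {"cmd.exe", "powershell.exe"}
EDITORS = {"notepad.exe"}          # editors usable as a File > Open pivot
SYSTEM_ACCOUNT = "NT AUTHORITY\\SYSTEM"

@dataclass(frozen=True)
class ProcEvent:            # one process-creation record (Sysmon ID 1 / Windows 4688 style)
    pid: int
    ppid: int
    image: str   # base name of the executable
    user: str    # account the process runs as

def ancestors(events, pid):
    """Return events from pid up to the root, child first; stops on unknown PID or a loop."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain

def find_escalations(events):
    """Return (shell pid, image chain) for each SYSTEM shell whose parent is a SYSTEM editor."""
    hits = []
    for e in events:
        if e.image.lower() not in SHELLS or e.user != SYSTEM_ACCOUNT:
            continue
        chain = ancestors(events, e.pid)
        parent = chain[1] if len(chain) > 1 else None
        if parent and parent.image.lower() in EDITORS and parent.user == SYSTEM_ACCOUNT:
            hits.append((e.pid, [p.image for p in chain]))
    return hits

# Constructed sample events; "mailtraq_console.exe" is a placeholder for the systray console image
SAMPLE_EVENTS = [
    ProcEvent(4, 0, "System", SYSTEM_ACCOUNT),
    ProcEvent(600, 4, "services.exe", SYSTEM_ACCOUNT),
    ProcEvent(1200, 600, "mailtraq_console.exe", SYSTEM_ACCOUNT),
    ProcEvent(1300, 1200, "notepad.exe", SYSTEM_ACCOUNT),   # step 2: View Source
    ProcEvent(1400, 1300, "cmd.exe", SYSTEM_ACCOUNT),       # step 6: shell as SYSTEM
    ProcEvent(2000, 900, "explorer.exe", "HOST\\alice"),
    ProcEvent(2100, 2000, "notepad.exe", "HOST\\alice"),
    ProcEvent(2200, 2100, "cmd.exe", "HOST\\alice"),        # user-level editor to shell: benign
]
if __name__ == "__main__":
    print(find_escalations(SAMPLE_EVENTS))   # one hit: pid 1400 and its chain up to System
```

Enabling the console password protection the vendor describes removes the SYSTEM-level editor from the chain, so in a hardened deployment this rule should never fire.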