Bugtraq mailing list archives

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

From: nospam () gmail it
Date: Fri, 25 Oct 2013 09:51:36 GMT

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

tested against: Microsoft Windows Server 2008 R2 sp1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
the "SWS Streamlet Engine" service (as_ste.exe) listening
on public port 9832 (tcp/http) is vulnerable.
It exposes the following servlet 
http://[host]:9832/invoker/EJBInvokerServlet
http://[host]:9832/invoker/JMXInvokerServlet
due to a bundled invoker.sar
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~

Current thread:

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution nospam (Oct 25)