Full Disclosure mailing list archives
IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
From: Kacper Szurek <kacperszurek () gmail com>
Date: Mon, 6 Feb 2017 16:33:16 +0100
# Exploit: IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
# Date: 06.02.2017
# Software Link: https://www.ivpn.net/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local

1. Description

It is possible to run `openvpn` as `SYSTEM` with custom openvpn.conf.

Using `--up cmd` we can execute any command.

https://security.szurek.pl/ivpn-client-for-windows-26612033863-privilege-escalation.html

2. Proof of Concept

https://github.com/kacperszurek/exploits/blob/master/IVPN/ivpn_privilege_escalation.py

3. Solution

Update to version 2.6.2

https://www.ivpn.net/setup/windows-changelog.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
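A mitigation for the class of issue described above, as an added example that is not part of the original post and not IVPN's code: a privileged helper checks a user-supplied OpenVPN profile against an allow-list of directives before it starts `openvpn`, so `up` and similar script hooks never reach the `SYSTEM` process. The allow-list contents, the function name and the sample profile are assumptions made for illustration.

```python
import shlex

# Assumed allow-list for a basic client profile; every other directive is refused.
ALLOWED = {"client", "dev", "proto", "remote", "nobind", "persist-key",
           "persist-tun", "cipher", "auth", "verb", "remote-cert-tls"}
INLINE_BLOCKS = {"ca", "cert", "key", "tls-auth"}  # <ca>...</ca> inline material

def rejected_directives(config_text):
    """Return [(line_no, directive)] for each directive outside the allow-list."""
    rejected, inside, no = [], None, 0
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inside:                              # body of an inline block
            if line == f"</{inside}>":
                inside = None
            continue
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            if line[1:-1] in INLINE_BLOCKS:
                inside = line[1:-1]
            else:
                rejected.append((no, line))
            continue
        try:
            name = shlex.split(line, comments=True)[0]
        except (ValueError, IndexError):        # unparsable line: fail closed
            rejected.append((no, line))
            continue
        if name.startswith("--"):               # compare the bare directive name
            name = name[2:]
        if name not in ALLOWED:
            rejected.append((no, name))
    if inside:                                  # unterminated block: fail closed
        rejected.append((no, f"<{inside}>"))
    return rejected

# Constructed sample profile: two directives that must not reach a SYSTEM process.
SAMPLE = """client
dev tun
remote vpn.example.net 1194
<ca>
up text-inside-inline-block
</ca>
script-security 2
--up "placeholder-command"
"""
if __name__ == "__main__":
    print(rejected_directives(SAMPLE))
```

The helper should refuse to launch when the returned list is non-empty, and the validated file must not be writable by the unprivileged user between the check and the launch.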