Full Disclosure mailing list archives
Ivanti Workspace Control local privilege escalation via Named Pipe
From: "Securify B.V. via Fulldisclosure" <fulldisclosure () seclists org>
Date: Mon, 1 Oct 2018 17:26:38 +0200
------------------------------------------------------------------------ Ivanti Workspace Control local privilege escalation via Named Pipe ------------------------------------------------------------------------ Yorick Koster, August 2018 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 & 10.2.950.0. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ This issue was resolved in Ivanti Workspace Control version 10.3.10.0. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Ivanti Workspace Control local privilege escalation via Named Pipe Securify B.V. via Fulldisclosure (Oct 01)