Sysax FTP Automation Server 5.33 – Local Privilege Escalation

Exploit Database
39 阅读

作者： Craig Freyman

日期： 2012-11-04
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/22465/

#Title: Sysax FTP Automation Server Local Privilege Escalation
#Author: Craig Freyman (@cd1zz)
#OS Tested: XP SP3 32bit
#Version Tested: 5.33
#Date Discovered: October 1, 2012
#Vendor Contacted: October 21, 2012
#Vendor Response: November 1, 2012
#Demo: http://www.pwnag3.com/2012/11/sysax-ftp-automation-server-privilege.html

Sysax FTP Automation <= 5.33 has a privilege escalation vulnerability. This can be exploited
by leveraging the Scheduled Script -> Scheduled Task functionality. The scheduled task 
function allows you to run any external program/execuable you want, without specifying 
credentials. By default, this product installs under the LOCALSYSTEM service so when the 
binary is executed, it runs under that context. 

Sysax fixed this problem in version 5.34.

last Exploits
Sysax FTP Automation Server 5.33 – Local Privilege Escalation的更多信息

KMPlayer 3.8.0.117 – Local Buffer Overflow：
Free MP3 CD Ripper 2.6 2.8 – ‘.wav’ File Buffer Overflow (SEH)：
TFTP Turbo 4.6.1273 – ‘TFTP Turbo 4’ Unquoted Service Path：
Sophos UTM 9.410 – ‘loginuser’ ‘confd’ Service Privilege Escalation：
GNU glibc – Multiple Local Stack Buffer Overflow Vulnerabilities：
IKEView.exe R60 – ‘.elg’ Local (SEH)：
CloudMe 1.11.2 – Buffer Overflow (SEH,DEP,ASLR)：
Disk Sorter Enterprise 12.4.16 – ‘Disk Sorter Enterprise’ Unquoted Service Path：