From: Ian Vitek (ian.vitek@sigtrap.org)
Date: Sun Feb 22 2004 - 06:33:04 EST
Dell TrueMobile Wireless Help Privilege Escalation Vulnerability
================================================================
Overview
--------
Successful exploitation elevates the local user rights to SYSTEM. This may only be considered a threat on a multi user system (Terminal Services, Citrix or a public computer).
Verified systems
----------------
Windows XP and Dell TrueMobile 1300 WLAN Mini-PCI Card Utility Tray Applet Version 3.10.39.0.
Other operating systems and versions may be vulnerable.
Description
-----------
The SYSTEM rights are not dropped when accessing the Dell TrueMobile Wireless Help from the systray applet. By right clicking and choosing Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE, gives you SYSTEM privileges. You can also gain SYSTEM privileges by right clicking and choosing Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges. Programs started from the web browser do not get their privileges dropped.
Vendor contacts
---------------
Feb 21 2004 02:08
From: csd at dell dot com
To: dell at sigtrap dot org
"Please ensure that your customer account or order/invoice number
is included with your reply."
Feb 21 2004 02:52
From: dell at sigtrap dot org
To: uscemcsd1 at dell dot com
"You (Dell) have a security problem in your (Dells) software.
Detailed description below.
I don't have any problem.
If you (Dell) want to close this case, please do, but contact me ( dell at sigtrap dot org ) first."
Feb 21 2004 15:54
From: csd at dell dot com
To: dell at sigtrap dot org
"I apologize, but I am unable to locate your account under this
e-mail address."
Dell tracking number: AT20040220_0000021076
Credit
------
Discovered by Ian Vitek
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:21:44 EDT