Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9244
HistoryJul 20, 2005 - 12:00 a.m.

[Full-disclosure] PeanutHull Local Privilege Escalation Vulnerability

2005-07-2000:00:00
vulners.com
13
JSON

PeanutHull Local Privilege Escalation Vulnerability

by Sowhat

EN: http://secway.org/advisory/AD20050720EN.txt
CN: http://secway.org/advisory/AD20050720CN.txt

Product Affected:

PeanutHull <= 3.0 Beta 5

Overview:

Oray Inc. is the world's biggest DDNS (Dynamic Domain Name Service)
Provider (According to their WEBSITE). PeanutHull is the DDNS client
For more information ,see http://www.oray.net

Details:

The vulnerability is caused due to SYSTEM privileges are not
dropped when accessing the PeanutHull from the System Tray icon.

A local non-privileged user can access the application via the
system tray and can execute commands with Local System privileges.

Exploit:

  1. Double click on the PeanutHull icon in the Taskbar to open
    the PeanutHull window.
  2. Click Help, click BBS
  3. Type C:\ in the poped up IE Address BAR
  4. Navagate to %WINDIR%\System32\
  5. click CMD.exe
  6. A new command shell will open with SYSTEM privileges

Exploitng this vulnerability allows local non-privileged user
to obtain SYSTEM privilege.

Vendor Response:

2005.07.13 Vendor notified via email
2005.07.14 Vendor responsed that this problem will be fixed
in the 3.0 Final Version.
2005.07.20 PeanutHull 3.0 Released
2005.07.20 So I released this advisory

Please update to PeanutHull 3.0
http://www.oray.net

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON