Securityvulns: SECURITYVULNS:DOC:29956
History: Oct 28, 2013 - 12:00 a.m.

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

tested against: Microsoft Windows Server 2008 R2 SP1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
The "SWS Streamlet Engine" service (as_ste.exe), listening
on public port 9832 (tcp/http), is vulnerable.
It exposes the following servlets:
http://[host]:9832/invoker/EJBInvokerServlet
http://[host]:9832/invoker/JMXInvokerServlet
due to a bundled invoker.sar.
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~
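
Added example, not part of the original advisory: a defender-side log check that flags requests to the two invoker servlet paths listed above, after normalizing the request path. It assumes Common/Combined Log Format access logs from a proxy or appliance in front of port 9832 (the advisory does not describe the product's own logging); the function names and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Servlet paths named in the advisory, lowercased for matching.
INVOKER_PATHS = {"/invoker/ejbinvokerservlet", "/invoker/jmxinvokerservlet"}

# Assumption: Common/Combined Log Format lines from a proxy in front of tcp/9832.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalize(target: str) -> str:
    """Reduce a request target to a canonical lowercase path."""
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/?#]*", "", target)  # absolute-form
    path = re.split(r"[?#]", path, maxsplit=1)[0]                     # query/fragment
    for _ in range(2):  # second pass resolves double percent-encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path.replace("\\", "/"))  # drop ;param segments
    # Collapse //, /./ and /../ and drop a trailing slash.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_invoker_requests(lines):
    """Return one record per log line whose path is an invoker servlet."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if path in INVOKER_PATHS:
            status = int(m["status"])
            # "served" marks responses that were not rejected (status < 400).
            hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                         "path": path, "status": status, "served": status < 400})
    return hits

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2013:10:02:11 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1843',
    '198.51.100.7 - - [28/Oct/2013:10:02:15 +0000] "HEAD /invoker/%45JBInvokerServlet/ HTTP/1.1" 200 0',
    '203.0.113.5 - - [28/Oct/2013:10:03:40 +0000] "GET //invoker/./EJBInvokerServlet;x=1?a=b HTTP/1.1" 404 0',
    '192.0.2.10 - - [28/Oct/2013:10:04:00 +0000] "GET /docs/invoker/JMXInvokerServlet.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in find_invoker_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with "served" set to true from an address outside the management network means the servlet answered the request and the host should be treated as exposed.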