A vulnerability has been found in Cisco VPN Client. A local user can gain administrative privileges.
It is reported that a local user can gain administrative privileges on a host that runs Cisco VPN Client. A local user can overwrite the file ipsecdialer.exe with explorer.exe, so that explorer.exe is subsequently launched by the VPN client with Local System privileges. The sequence of actions is described below:
- Log on as a standard user.
- Browse to the C:\winnt directory, right click on explorer.exe and choose copy.
- Browse to C:\Program Files\Cisco Systems\VPN Client (the directory with ipsecdialer.exe) and paste a copy of explorer.exe into the folder.
- Double click on ipsecdialer.exe and select options > Windows logon properties.
- Click on the first box to "enable start before log on".
- Click OK and Close.
- Rename ipsecdialer.exe to ipsecdialer.ex_
- Rename the copy of explorer.exe to ipsecdialer.exe
- Close any open windows.
- Log out.
- Log back on as the same standard user.
- Click okay on any error messages that appear.
- DO NOT CLOSE THE EXPLORER WINDOW THAT IS OPEN.
- At this point you may see your desktop or you may not (have had it happen both ways), but whatever the case, that Explorer window is open as local system and anything else you see is opened as the standard user.
- In the open explorer window press the Up folder icon until you get to My Computer.
- Double click on Control Panel, then Administrative Tools, then Computer Management.
- Expand Local Users and Groups and add your Standard User account to the Local Administrators Group.
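The steps above only work if a standard user can create and rename files in the VPN Client folder. The following audit script is an added example, not part of the original advisory or Cisco's code: it lists allow ACEs on that folder and its executables that give broad non-administrative groups write or delete rights. The folder path is taken from the advisory; the function name `Get-WeakAce`, the list of principals and the rights mask are assumptions made for this example.

```powershell
# Added example: find write/delete access for non-admin groups on the VPN Client folder.
$Path = 'C:\Program Files\Cisco Systems\VPN Client'   # path from the advisory

# Well-known SIDs of broad, non-administrative principals (assumed list)
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-547' = 'BUILTIN\Power Users'
}

# Rights that let a user plant, rename or swap a file in the folder
$WriteMask = [int][System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Inherit-only ACEs may carry raw GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000) bits
$GenericMask = 0x50000000

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    # Translate identities to SIDs so the check does not depend on localized group names
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Target
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $Path) {
    # Check the folder itself and every executable in it (ipsecdialer.exe included)
    $targets  = @($Path) + @(Get-ChildItem -LiteralPath $Path -Filter '*.exe' -File |
                             ForEach-Object { $_.FullName })
    $findings = $targets | ForEach-Object { Get-WeakAce -Target $_ }
    if ($findings) { $findings | Format-Table -AutoSize }
    else { 'No write or delete ACEs for broad groups were found.' }
} else {
    "VPN Client folder not found at $Path"
}
```

Any row in the output means a non-administrative group can change what the "start before log on" feature runs as Local System; restricting the folder to read and execute for those groups removes that condition.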