BugTraq
Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution Oct 25 2013 09:51AM
nospam gmail it

tested against: Microsoft Windows Server 2008 R2 sp1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
the "SWS Streamlet Engine" service (as_ste.exe) listens on the
network-exposed port 9832 (tcp/http) and is vulnerable.
It exposes the following JBoss invoker servlets
http://[host]:9832/invoker/EJBInvokerServlet
http://[host]:9832/invoker/JMXInvokerServlet
because the bundled invoker.sar is deployed with no authentication
in front of it. These servlets accept serialized Java objects
(MarshalledInvocation) posted over HTTP and dispatch them to EJBs
and JMX MBeans, so an unauthenticated client can invoke MBean
operations, including deploying its own application. The service
runs as NT AUTHORITY\SYSTEM, so the result is remote code execution
with NT AUTHORITY\SYSTEM privileges.
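The following exposure check is an added example, not rgod's proof of concept and not Symantec code. It assumes the behaviour of a stock JBoss 4.x invoker.sar: a plain GET to an invoker servlet is answered with HTTP 200, Content-Type application/x-java-serialized-object and a body that starts with the Java serialization magic AC ED 00 05. A 401/403 means someone has put a security constraint on /invoker/*, a 404 means invoker.sar is gone; anything else is left for manual inspection rather than guessed. The sample responses at the bottom are constructed, not captured from an SWS host.

```python
import urllib.request
import urllib.error

PORT = 9832
INVOKER_PATHS = ("/invoker/EJBInvokerServlet", "/invoker/JMXInvokerServlet")
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"   # ObjectOutputStream stream header
JAVA_SERIAL_CT = "application/x-java-serialized-object"


def classify(status, content_type, body_prefix):
    """Classify one invoker servlet response (assumed JBoss 4.x behaviour).

    exposed   - servlet answered with a serialized Java object: anyone can
                post MarshalledInvocation payloads to it (rgod's finding)
    protected - servlet exists but demands credentials (401) or is denied
                (403), e.g. a security-constraint was added for /invoker/*
    absent    - 404: invoker.sar not deployed or the servlet path removed
    unknown   - anything else; inspect by hand instead of guessing
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    if status == 200 and (media_type == JAVA_SERIAL_CT
                          or body_prefix.startswith(JAVA_SERIAL_MAGIC)):
        return "exposed"
    if status in (401, 403):
        return "protected"
    if status == 404:
        return "absent"
    return "unknown"


def check_host(host, port=PORT, timeout=5.0):
    """GET each invoker servlet on the host and classify the answers."""
    results = {}
    for path in INVOKER_PATHS:
        url = "http://%s:%d%s" % (host, port, path)
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                results[path] = classify(resp.status,
                                         resp.headers.get("Content-Type", ""),
                                         resp.read(4))
        except urllib.error.HTTPError as err:
            # 4xx/5xx arrive here; the headers are still available
            results[path] = classify(err.code,
                                     err.headers.get("Content-Type", ""),
                                     b"")
        except (urllib.error.URLError, OSError):
            results[path] = "unreachable"
    return results


# Constructed sample responses (not captured from a real SWS host) so the
# classifier can be exercised offline.
SAMPLE_RESPONSES = {
    "default install": (200,
                        "application/x-java-serialized-object; charset=ISO-8859-1",
                        b"\xac\xed\x00\x05sr\x00"),
    "auth constraint added": (401, "text/html;charset=utf-8", b"<html>"),
    "invoker.sar removed": (404, "text/html;charset=utf-8", b"<html>"),
}


def classify_samples():
    """Run the classifier over the constructed samples."""
    return {name: classify(*resp) for name, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, verdict in check_host(sys.argv[1]).items():
            print("%-32s %s" % (path, verdict))
    else:
        for name, verdict in classify_samples().items():
            print("%-24s %s" % (name, verdict))
```

Run it with a hostname to probe a real SWS server on 9832; with no argument it only classifies the constructed samples. The check is read-only: it never posts a serialized object, so it confirms exposure without triggering the invocation path. The advisory gives no fix; the usual JBoss-side options, removing invoker.sar from the deploy directory or adding a security-constraint for /invoker/* in its web.xml, would both turn "exposed" into "absent" or "protected" here.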

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~

Copyright 2010, SecurityFocus