BugTraq
Back to list
|
Post reply
FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030
Aug 12 2005 02:49PM
Jeff Peadro (jeff peadro gmail com)
Updated to add additional version & exploit details. Reps to Crime Dog
Vulnerable Versions:
Nortel Contivity VPN Client V05_01.100
Patches/Workarounds:
Good question
Exploit:
1. With the Contivity client open click go into "Group
Authentication Options"
2. Select "Challenge Response Token" options.
3. Click on the "Software Token Directory" browse button.
4. Change Files of type: to All Files, navigate to the system32
directory and locate cmd.exe. Right click cmd.exe and choose Open.
The result is a command prompt running under the context of the
LocalSystem account.
Discovered by Crime Dog thecrimedog[at]sbcglobal[dot]net
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vulnerable Versions:
Nortel Contivity VPN Client V05_01.100
Patches/Workarounds:
Good question
Exploit:
1. With the Contivity client open click go into "Group
Authentication Options"
2. Select "Challenge Response Token" options.
3. Click on the "Software Token Directory" browse button.
4. Change Files of type: to All Files, navigate to the system32
directory and locate cmd.exe. Right click cmd.exe and choose Open.
The result is a command prompt running under the context of the
LocalSystem account.
Discovered by Crime Dog thecrimedog[at]sbcglobal[dot]net
[ reply ]