Kaspersky Administration Kit Lets Remote Users Execute Arbitrary Code on SMB Scanned Hosts
|
|
SecurityTracker Alert ID: 1025442 |
|
SecurityTracker URL: http://securitytracker.com/id/1025442
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 25 2011
|
Impact:
Host/resource access via network
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 6.0 MP1/MP2, 8.0
|
Description:
A vulnerability was reported in Kaspersky Administration Kit. A remote user can conduct attacks against potentially vulnerable hosts.
The 'Scan IP subnets' function uses NTLM authentication to access target hosts via SMB during scanning. A remote user with the ability to conduct a man-in-the-middle attack using SMBRelay can execute arbitrary code on the scanned hosts when the Administration Server conducts a scan.
The original advisory is available at:
http://dsecrg.ru/pages/vul/show.php?id=318
Alexey Sintsov of Digital Security Research Group [DSecRG] reported this vulnerability.
|
Impact:
A remote user can conduct attacks against potentially vulnerable hosts.
|
Solution:
No solution was available at the time of this entry.
As a workaround, the vendor recommends using a domain account member of local administrators group on the host running the Administration Server.
The vendor's advisory is available at:
http://support.kaspersky.com/faq/?qid=208284121
|
Vendor URL: support.kaspersky.com/faq/?qid=208284121 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
