SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Dell TrueMobile Vendors:   Dell
Dell TrueMobile Help Application Yields SYSTEM Privileges to Local Users
SecurityTracker Alert ID:  1009174
SecurityTracker URL:  http://securitytracker.com/id/1009174
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 23 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Exploit Included:  Yes  
Version(s): 3.10.39.0
Description:   A vulnerability was reported in the Dell TrueMobile utility tray applet. A local user can gain SYSTEM privileges on the target system.

Ian Vitek reported that a local user can invoke the Help application for the Dell TrueMobile 1300 WLAN Mini-PCI Card and execute a command shell with SYSTEM privileges.

Demonstration exploit steps are provided in the Source Message.

The vendor was reportedly notified on February 21, 2004.

Impact:   A local user can execute arbitrary commands and applications with SYSTEM privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.dell.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [VulnWatch] Dell TrueMobile Wireless Help Privilege Escalation Vulnerability


Dell TrueMobile Wireless Help Privilege Escalation Vulnerability
================================================================

Overview
--------
Successful exploitation elevates the local user rights to SYSTEM. This may only be considered a threat on a multi user system (Terminal
 Services, Citrix or a public computer).

Verified systems
----------------
Windows XP and Dell TrueMobile 1300 WLAN Mini-PCI Card Utility Tray Applet Version 3.10.39.0.
Other operating systems and versions may be vulnerable.

Description
-----------
The SYSTEM rights are not dropped when accessing the Dell TrueMobile Wireless Help from the systray applet. By right clicking and
 choosing Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE, gives you SYSTEM privileges. You can
 also gain SYSTEM privileges by right clicking and choosing Help -> About. By clicking on a link, Internet Explorer will start with
 SYSTEM privileges. Programs started from the web browser do not get their privileges dropped. 

Vendor contacts
---------------
Feb 21 2004 02:08
From: csd at dell dot com
To: dell at sigtrap dot org
"Please ensure that your customer account or order/invoice number
is included with your reply."

Feb 21 2004 02:52
From: dell at sigtrap dot org
To: uscemcsd1 at dell dot com
"You (Dell) have a security problem in your (Dells) software.
Detailed description below.
I don't have any problem.
If you (Dell) want to close this case, please do, but contact me ( dell at sigtrap dot org  ) first."

Feb 21 2004 15:54
From: csd at dell dot com
To: dell at sigtrap dot org
"I apologize, but I am unable to locate your account under this
e-mail address."

Dell tracking number: AT20040220_0000021076

Credit
------
Discovered by Ian Vitek


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC