Ivanti Workspace Control local privilege escalation via Named Pipe

From: Securify B.V. <lists@securify.nl>
To: bugtraq@securityfocus.com
Cc:
Subject: Ivanti Workspace Control local privilege escalation via Named Pipe
Date:


------------------------------------------------------------------------
Ivanti Workspace Control local privilege escalation via Named Pipe
------------------------------------------------------------------------
Yorick Koster, August 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that Ivanti Workspace Control allows a local (unprivileged)
attacker to run arbitrary commands with Administrator privileges. This
issue can be exploited by spawning a new Composer process, injecting a
malicious thread in this process. This thread connects to a Named Pipe
and sends an instruction to a service to launch an attacker-defined
application with elevated privileges.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.700.1 & 10.2.950.0.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue was resolved in Ivanti Workspace Control version 10.3.10.0.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.