Ivanti Workspace Control Application Whitelist bypass via PowerGrid- /SEE command line argument

From: Securify B.V. <lists@securify.nl>
To: bugtraq@securityfocus.com
Cc:
Subject: Ivanti Workspace Control Application Whitelist bypass via PowerGrid- /SEE command line argument
Date:


------------------------------------------------------------------------
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE
command line argument
------------------------------------------------------------------------
Yorick Koster, August 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the PowerGrid application can be used to run arbitrary
commands via the /SEE command line option. An attacker can abuse this
issue to bypass Application Whitelisting in order to run arbitrary code
on the target machine.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.950.0.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is mitigated in Ivanti Workspace Control version 10.3.0.0.
The fix included in this version prevents the creation of XML files
within the WMTemp folder, effectively preventing this issue from being
exploited.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.