Vigil@nce - HP SiteScope: privilege escalation via DNS Tool
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the DNS Tool of HP SiteScope, in order to
escalate his privileges.
Impacted products: SiteScope.
Severity: 2/4.
Creation date: 12/10/2015.
DESCRIPTION OF THE VULNERABILITY
The HP SiteScope product usually allows local users to access to
DNS tools.
However, on Windows, an attacker can ask the resolution of
"example.com & shell-command". In this case, as "&" is a command
separator, the shell command is run with privileges of the
SiteScope service (SYSTEM).
A local attacker can therefore use the DNS Tool of HP SiteScope,
in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-SiteScope-privilege-escalation-via-DNS-Tool-18072