Title: NT IBM Netfinity Remote Control Software Vulnerability
Severity: MODERATE
Description:
The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account or the user context of a user account having administrative privileges.
It has been discovered that this service may be exploited by a local user level account to execute code with administrator privileges. This vulnerability would allow a user (with no admin rights) to execute programs that might allow them to elevate their privileges to that of an administrator.
Affected Products:
- IBM Remote Control Software 1.0.0
References:
- Haith <haith@US.IBM.COM>: IBM's response to "Security Leak with IBM Netfinity Remote Control Software"
- Russ Cooper <Russ.Cooper@RC.ON.CA>: Security Leak with IBM Netfinity Remote Control Software
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
