[38512] in bugtraq
APG Classmaster Workstation Windows SMB share access vulnerability
daemon@ATHENA.MIT.EDU (Alex Garrett)
Thu Apr 21 17:54:30 2005
Date: 21 Apr 2005 11:50:33 -0000
Message-ID: <20050421115033.20899.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Alex Garrett <alex@exploitthissite.org>
To: bugtraq@securityfocus.com
Greetings,
This vulnerability affects (I believe) all APG Classmaster Workstation
versions. It remains a problem as an attacker can access shares with full permissions over a LAN.
An attackers needs to issue a simple command in an MSDOS prompt (using the net windows application), mapping an account to a specified drive, as below:
net use [drive]: \\[server]\[user]$
A DIR command at this stage gives an access denied error. Knowing the name of the files area (which will be the same for each user) can lead to changing directory to that folder...
cd 'My files'
An attacker now has full permissions on a selected users 'my files' area.
Alex Garrett
