[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution



Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

tested against: Microsoft Windows Server 2008 R2 sp1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
the "SWS Streamlet Engine" service (as_ste.exe) listening
on public port 9832 (tcp/http) is vulnerable.
It exposes the following servlet 
http://[host]:9832/invoker/EJBInvokerServlet
http://[host]:9832/invoker/JMXInvokerServlet
due to a bundled invoker.sar
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~