VULNERABILITIES / FIXES - November 06, 2012
by Carol~ - 11/6/12 1:42 PM
Sysax FTP Automation Task Scheduling Privilege Escalation Security Issue
Release Date: 2012-11-06
Criticality level: Less critical
Impact: Privilege escalation
Where: Local System
Solution Status: Vendor Patch
Software: Sysax FTP Automation 5.x
Craig Freyman has discovered a security issue in Sysax FTP Automation, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused by the application's scheduling service executing tasks with SYSTEM privileges without prior authorization and can be exploited by unprivileged users to schedule arbitrary tasks.
The security issue is confirmed in version 5.31. Other versions may also be affected.
Update to version 5.34.
Provided and/or discovered by:
Craig Freyman (cd1zz).