Reaction Information Security


Safend Data Protection Agent (SDPAgent) Privilege Escalation via WRITE_DAC privileges

Summary

The Safend Data Protection Agent is affected by a privilege elevation vulnerability in the SDPAgent Windows service file.

  • CVE number: CVE-2012-4760
  • Impact: Medium
  • Vendor homepage: http://www.wave.com/products/safend-protector
  • Vendor notified: 11/09/2012
  • Vendor response (updated 4/12/2012): WRITE_DAC access: despite the fact that indeed the permission allows such change we enforce even more powerful protection on both SDPAgent.exe and SDBAgent.exe and prevent any attempt to modify (as part of all versions) or even rename such file (as part of latest version you did not test) so the vulnerability is not exploitable.
  • Credit: Joseph Sheridan of ReactionIS

Affected Products

Safend Data (Client software) 3.4.5586.9772. Other versions may also be affected.

Details

The SDPAgent service file has the 'WRITE_DAC' privilege set for all local users. WRITE_DAC would allow a local user to rewrite the ACL and give himself full control of the file, which could then be trojaned to gain full local admin privileges. The following is the output from the cacls command:

C:\Program Files\Safend\Data Protection Agent\SDPAgent.exe BUILTIN\Users:(special access:)

READ_CONTROL
WRITE_DAC
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_READ_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
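
A read-only audit for the condition described above, generalised from SDPAgent.exe to every registered service executable (an added example, not code from the advisory or from Safend). The list of broad SIDs and the set of rights treated as risky are assumptions of this example.

```powershell
# Added example: list service executables whose ACL lets broad local groups
# change the file or its permissions. It only reads ACLs; run it elevated so
# that every service binary can be inspected.

# ChangePermissions is WRITE_DAC and TakeOwnership is WRITE_OWNER; the other
# rights allow the file to be overwritten or replaced directly.
$risky = [System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership, WriteData, AppendData, Delete'

# Well-known SIDs of groups that contain ordinary local users (assumed list,
# keyed by SID so the check does not depend on the system locale).
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    # PathName can be quoted and can carry arguments; keep only the executable.
    if     ($svc.PathName -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($svc.PathName -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else   { continue }
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

    $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
    if (-not $acl) { continue }

    # Explicit and inherited ACEs, with principals returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $broad.ContainsKey($sid)) { continue }
        $granted = [int]$ace.FileSystemRights -band [int]$risky
        if ($granted -ne 0) {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Path      = $exe
                Principal = $broad[$sid]
                Rights    = [System.Security.AccessControl.FileSystemRights]$granted
                Inherited = $ace.IsInherited
            }
        }
    }
}
$findings | Sort-Object Path, Service | Format-Table -AutoSize -Wrap
```

An empty result means no service binary grants these rights to the listed groups; the ACE shown in the cacls output above would be reported as BUILTIN\Users with ChangePermissions.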

Impact

An attacker may be able to elevate privileges to local administrator level.

Solution

This issue will be fixed in the next release.

About ReactionIS

Reaction Information Security is a leading independent pen test consultancy specialising in delivering the highest quality security testing services including network pen testing and web application security testing. As a CESG CHECK Service Provider we are authorised to carry out penetration testing on classified government networks.
