Saturday, November 3, 2012

Sysax FTP Automation Server Privilege Escalation

Sysax FTP Automation Server <= 5.33 has a privilege escalation vulnerability. By default, the "Sysax Scheduler" service runs as SYSTEM. The problem is that you can point the scheduler to any file you want, and it will be executed as SYSTEM. Not much to this one; here is an example of exploitation:

Sysax has been notified and fixed this in version 5.34. Now, you're required to enter credentials and the system executes the file under the context of that user.
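
A defender-side check for the condition described above, as an added example that is not part of the original post or Sysax's own tooling: it reports whether the "Sysax Scheduler" service runs as SYSTEM and whether the installed binary predates 5.34. It assumes the display name given in the post identifies the service and that the service binary's file version tracks the product version.

```powershell
# Added audit example; not code from the original post or from Sysax.
# Assumptions: the display name "Sysax Scheduler" (from the post) identifies the
# service, and the service binary's file version tracks the product version.
function Test-SysaxSchedulerExposure {
    param(
        [string]  $DisplayName  = 'Sysax Scheduler',
        [version] $FixedVersion = '5.34'   # first fixed release, per the post
    )

    $services = @(Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$DisplayName'")
    if ($services.Count -eq 0) {
        Write-Verbose "No service with display name '$DisplayName' found."
        return
    }

    foreach ($svc in $services) {
        # PathName can be quoted and can carry arguments; keep only the executable.
        $exe = $null
        if ($svc.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($svc.PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

        # Read major.minor from the binary; leave $null if no version resource exists.
        $version = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $info = (Get-Item -LiteralPath $exe).VersionInfo
            if ($info.FileVersion) {
                $version = New-Object System.Version $info.FileMajorPart, $info.FileMinorPart
            }
        }

        [pscustomobject]@{
            Service         = $svc.Name
            State           = $svc.State
            StartName       = $svc.StartName
            RunsAsSystem    = ($svc.StartName -eq 'LocalSystem')
            BinaryPath      = $exe
            FileVersion     = $version
            # $null means the version could not be read and needs a manual check.
            AffectedVersion = if ($version) { $version -lt $FixedVersion } else { $null }
        }
    }
}

Test-SysaxSchedulerExposure -Verbose | Format-List
```

A host where both `RunsAsSystem` and `AffectedVersion` are true matches the vulnerable configuration the post describes and should be upgraded to 5.34 or later.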