TITLE: EMC Retrospect Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA19850 VERIFY ADVISORY: http://secunia.com/advisories/19850/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: EMC Retrospect 7.x http://secunia.com/product/7429/ EMC Retrospect 6.x http://secunia.com/product/1599/ DESCRIPTION: A vulnerability and a weakness have been reported in EMC Retrospect, which can be exploited by malicious, local users to gain escalated privileges. 1) An unspecified error in Retrospect can be exploited by users with access to the backup server to run arbitrary commands with administrator privileges via the File->Open dialog box from within Retrospect. 2) A local user, who is able to replace the "Retrospect.exe" executable with another application that has the same name, can cause the launcher to run it with SYSTEM privileges. The vulnerability and weakness have been reported in versions 6.5, 7.0, and 7.5 for Windows. SOLUTION: Apply patches. Retrospect 7.5: Apply Retrospect Driver Update 7.5.1.105. http://ftp.dantz.com/pub/updates/ru751105.exe Retrospect 7.0: Apply Application Security Update 7.0.344 (requires Retrospect 7.0.326 or Retrospect Express 7.0.301). http://download.dantz.com/archives/Retro-EN_7_0_344.exe Retrospect 6.5: Apply Application Security Update 6.5.382 (requires Retrospect 6.5.350 or Retrospect Express 6.5.350). http://download.dantz.com/archives/Retro-EN_6_5_382.exe PROVIDED AND/OR DISCOVERED BY: The vendor credits Joe Luna. ORIGINAL ADVISORY: http://kb.dantz.com/article.asp?article=9507&p=2 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------