Vulnerabilities > CVE-2003-1121

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
nessus
NVD
Published: 2003-12-31
Updated: 2024-11-20

Summary

Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).

Vulnerable Configurations

Part Description Count
Application
Scriptlogic
1

Nessus

NASL familyWindows
NASL idSMB_SVC_SCRIPTLOGIC.NASL
descriptionThe ScriptLogic service is running on this port. There is a flaw in versions up to 4.05 of this service which may allow an attacker to write arbitrary values in the remote registry with administrator privileges, which can be used to gain a shell on this host. *** Since Nessus was unable to determine the version of ScriptLogic *** running on this host, this might be a false positive.
last seen2020-06-01
modified2020-06-02
plugin id11562
published2003-05-04
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11562
titleScriptLogic Multiple Service Remote Privilege Escalation
code
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

if (description)
{
  script_id(11562);
  script_version("1.15");
  script_cvs_date("Date: 2018/07/30 15:31:32");

  script_cve_id("CVE-2003-1121");
  script_bugtraq_id(7475, 7477);
  script_xref(name:"CERT", value:"231705");

  script_name(english:"ScriptLogic Multiple Service Remote Privilege Escalation");
  script_summary(english:"Checks for the presence of the ScriptLogic service");

  script_set_attribute(
    attribute:'synopsis',
    value:'The remote service may be vulnerable to an access control breach.'
  );
  script_set_attribute(
    attribute:'description',
    value:
'The ScriptLogic service is running on this port. 

There is a flaw in versions up to 4.05 of this service which may allow
an attacker to write arbitrary values in the remote registry with
administrator privileges, which can be used to gain a shell on this
host. 

*** Since Nessus was unable to determine the version of ScriptLogic
*** running on this host, this might be a false positive.'
  );
  script_set_attribute(attribute:'solution', value:'Upgrade to ScriptLogic 4.15 or later.');
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc." );
  script_family(english:"Windows");
  script_dependencie("smb_enum_services.nasl");
  script_require_keys("SMB/svcs");
  exit(0);
}

#
# The script code starts here
#
port = get_kb_item("SMB/transport");
if(!port)port = 139;


services = get_kb_item("SMB/svcs");
if(services)
{
 if("[SLServer]" >< services)security_hole(port);
}

References