Vulnerabilities > CVE-2003-1121

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE

Summary

Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).

Vulnerable Configurations

Part Description Count
Application
Scriptlogic
1

Nessus

NASL family: Windows
NASL id: SMB_SVC_SCRIPTLOGIC.NASL
description: The ScriptLogic service is running on this port. There is a flaw in versions up to 4.05 of this service which may allow an attacker to write arbitrary values in the remote registry with administrator privileges, which can be used to gain a shell on this host. *** Since Nessus was unable to determine the version of ScriptLogic running on this host, this might be a false positive. ***
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11562
published: 2003-05-04
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11562
title: ScriptLogic Multiple Service Remote Privilege Escalation
code
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

# Metadata registration. When `description` is true this block only declares
# the plugin's identity, references, report text and scheduling requirements,
# then leaves through exit(0), so the check logic after the block is not reached.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(11562);
  script_version("1.15");
  script_cvs_date("Date: 2018/07/30 15:31:32");

  # Cross-references a reader can use to correlate this finding with other
  # advisories: one CVE, two Bugtraq ids and one CERT reference.
  script_cve_id("CVE-2003-1121");
  script_bugtraq_id(7475, 7477);
  script_xref(name:"CERT", value:"231705");

  # The summary states what the plugin does: it checks for the presence of
  # the service. No version is compared anywhere in this script.
  script_name(english:"ScriptLogic Multiple Service Remote Privilege Escalation");
  script_summary(english:"Checks for the presence of the ScriptLogic service");

  script_set_attribute(
    attribute:'synopsis',
    value:'The remote service may be vulnerable to an access control breach.'
  );
  # Report text. It carries its own false-positive warning because the version
  # could not be determined; a finding means "service present", and the
  # installed version still has to be confirmed on the host.
  # NOTE(review): this text says "versions up to 4.05" while the solution below
  # says to upgrade to 4.15 or later; confirm the affected range against the
  # vendor advisory before relying on either number.
  script_set_attribute(
    attribute:'description',
    value:
'The ScriptLogic service is running on this port. 

There is a flaw in versions up to 4.05 of this service which may allow
an attacker to write arbitrary values in the remote registry with
administrator privileges, which can be used to gain a shell on this
host. 

*** Since Nessus was unable to determine the version of ScriptLogic
*** running on this host, this might be a false positive.'
  );
  script_set_attribute(attribute:'solution', value:'Upgrade to ScriptLogic 4.15 or later.');
  # CVSS v2 base vector: network access, low complexity, no authentication,
  # complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed. The two attributes below repeat the "no known exploit" state.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  # Declared as an information-gathering plugin.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc." );
  script_family(english:"Windows");
  # The check depends on the "SMB/svcs" knowledge-base entry, which is
  # presumably filled in by smb_enum_services.nasl (verify in that plugin).
  script_dependencie("smb_enum_services.nasl");
  script_require_keys("SMB/svcs");
  exit(0);
}

#
# The script code starts here
#
# Port used for the report: the SMB transport recorded in the knowledge base,
# or 139 when none was recorded.
smb_port = get_kb_item("SMB/transport");
if (!smb_port)
  smb_port = 139;

# Presence-only check: the finding is raised whenever the "[SLServer]" token
# appears in the "SMB/svcs" knowledge-base entry. No version is read, so a
# patched installation is reported as well; confirm the installed ScriptLogic
# version on the host before treating the result as a confirmed exposure.
svc_list = get_kb_item("SMB/svcs");
if (svc_list && ("[SLServer]" >< svc_list))
  security_hole(smb_port);