OPSI Managed Client Remote Command Execution

Posted by deepcore on January 31, 2017 – 4:48 pm

A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected includes OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« PDFMate PDF Converter Pro 1.7.5.0 – Buffer Overflow TrueConf Server 4.3.7 Cross Site Scripting / Open Redirect / CSRF »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

OPSI Managed Client Remote Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL