Vigil@nce - CA Workload Automation: privilege escalation via casrvc
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the casrvc program of CA Workload
Automation to change arbitrary files and possibly obtain a
shell with administrator privileges.
Impacted products: CA Workload Automation.
Severity: 2/4.
Creation date: 27/01/2017.
DESCRIPTION OF THE VULNERABILITY
The CA Workload Automation product includes the CA Common
Services component.
This component includes a program named casrvc. However, this
program does not properly check its input or its filename
arguments before using them with administrator privileges.
A local attacker can therefore use the casrvc program of CA
Workload Automation to change arbitrary files and possibly
obtain a shell with administrator privileges.
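The bulletin does not say how casrvc handles its filename arguments, so the following is an added example, not CA code: one general way for a privileged POSIX program to validate an untrusted file name before writing to it. The names open_confined and demo, the scratch directory and the sample file names are assumptions constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not casrvc code): open an untrusted file name for
 * writing only if it is a regular, singly linked file directly in base_dir. */
int open_confined(const char *base_dir, const char *name)
{
    struct stat st;
    /* Accept one path component only: no separators, no "." or "..". */
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;
    int dirfd = open(base_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;
    /* O_NOFOLLOW refuses a symlink planted under the expected name. */
    int fd = openat(dirfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dirfd);
    /* Inspect the opened descriptor, not the path, so the check cannot race. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
                    st.st_nlink != 1)) {
        close(fd);
        fd = -1;
    }
    return fd;
}
/* Constructed sample names in a scratch directory; bit i set = names[i] opened. */
int demo(void)
{
    char dir[] = "/tmp/confinedXXXXXX", path[64], alias[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/job.cfg", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    if (symlink("job.cfg", alias) != 0) return -1;
    const char *names[] = { "job.cfg", "alias", "../job.cfg", path };
    int mask = 0;
    for (int i = 0; i < 4; i++) {
        int fd = open_confined(dir, names[i]);
        if (fd >= 0) { mask |= 1 << i; close(fd); }
    }
    unlink(alias); unlink(path); rmdir(dir);
    return mask;
}
int main(void) { printf("opened mask: %d\n", demo()); return 0; }
```

Only the plain file is opened; the symlink, the relative traversal and the absolute path are all refused, and the st_nlink test also refuses a hard link to a file elsewhere on the same filesystem.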
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/CA-Workload-Automation-privilege-escalation-via-casrvc-21695