Metasploit

Symantec Workspace Streaming Arbitrary File Upload

This module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows arbitrary files to be uploaded under the server root. The module abuses the auto-deploy feature of the JBoss as_ste.exe instance to achieve remote code execution. It has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. The abused services listen in a single-machine deployment, and also in the backend role of a multiple-machine deployment.

Module Name

exploit/windows/antivirus/symantec_workspace_streaming_exec

Authors

  • rgod <rgod [at] autistici.org>
  • juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

  • Symantec Workspace Streaming 6.1 SP8 / Java Universal

Platforms

  • java

Architectures

  • java

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/antivirus/symantec_workspace_streaming_exec
msf exploit(symantec_workspace_streaming_exec) > show targets
    ...targets...
msf exploit(symantec_workspace_streaming_exec) > set TARGET <target-id>
msf exploit(symantec_workspace_streaming_exec) > show options
    ...show and set options...
msf exploit(symantec_workspace_streaming_exec) > exploit
