Security Bulletins & Advisories Bulletin: #5

DameWare Mini Remote Control Server Potential Privilege Escalation


Products affected by this update:

  • DameWare NT Utilities version 4.8 & below

  • DameWare Mini Remote Control version 4.8 and below


Severity:  Low

Impact: Privilege Elevation

Local: No
Remote: Yes

Patch: For version 3.x customers, please upgrade to version 3.80.
Please send an email to our Support Department at support@dameware.com, and include your version 3.x registration information.
Once we have verified your 3.x registration information, we will email you a temporary link to download version 3.80 of the software.

For version 4.x customers, simply download & install version 4.9 or above from our website at http://www.dameware.com/downloads.

Details:

Affected 3.x versions would be anything prior to version 3.80
Affected 4.x versions would be anything prior to version 4.9

This issue was recently discovered by DameWare Development's internal staff and was immediately resolved with the release of version 3.80 and version 4.9. At the present time, there are no other known issues with regard to our software.

Issue:
A Potential Privilege Escalation issue exists within version 4.8 and below of the Mini Remote Control program, whereby an authenticated user with non-Administrator rights may be able to elevate their rights on a remote machine.

Recommendation:
Download & install the appropriate version of the software listed above, and then update the Mini Remote Client Agent on the remote machine to this new version of the software.

DameWare Security Bulletin #: 5
Notice Date: April 5, 2005

© 1991-2003 DameWare Development LLC, All Rights Reserved
This site looks best when viewed with 
Microsoft Internet Explorer.