Radia Client Automation radexecd.exe command injection

Added: 02/25/2015
CVE: CVE-2015-1497
BID: 72612
OSVDB: 118382

Background

Radia Client Automation is an endpoint management solution.

Problem

The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands.

Resolution

Use the workarounds described in the Accelerite announcement.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-038/

Limitations

Exploit works on Radia Client Automation 9.00 on CentOS 5.

Platforms

Linux
