# Exploit: IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
# Date: 06.02.2017
# Software Link: https://www.ivpn.net/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local

1. Description

It is possible to run `openvpn` as `SYSTEM` with custom openvpn.conf.

Using `--up cmd` we can execute any command.

https://security.szurek.pl/ivpn-client-for-windows-26612033863-privilege-escalation.html

2. Proof of Concept

https://github.com/kacperszurek/exploits/blob/master/IVPN/ivpn_privilege_escalation.py

3. Solution

Update to version 2.6.2

https://www.ivpn.net/setup/windows-changelog.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
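
Added example (not part of the original advisory, and not IVPN's actual fix): one way a privileged launcher could vet an openvpn.conf before starting `openvpn` as `SYSTEM`, refusing any directive that runs an external program, loads native code or includes another file. The function names, the directive set and the sample config are assumptions made for this illustration; the tokenizer only approximates OpenVPN's own parser and scans every line, inline blocks included, so it fails closed.

```python
import shlex

# Directives that make OpenVPN execute a program, load a plugin, raise the
# script level, or pull in configuration this checker has not seen.
EXEC_DIRECTIVES = {
    "up", "down", "ipchange", "route-up", "route-pre-down",
    "tls-verify", "auth-user-pass-verify", "client-connect",
    "client-disconnect", "learn-address", "plugin", "iproute",
    "script-security", "config",
}

def find_exec_directives(conf_text):
    """Return [(line_no, directive)] for each line a privileged launcher should refuse."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            # Quotes are resolved first, so a quoted "up" is still seen as up.
            tokens = shlex.split(line, comments=True)
        except ValueError:                   # unbalanced quotes: refuse, do not guess
            findings.append((line_no, "<unparseable>"))
            continue
        if not tokens:
            continue
        name = tokens[0]
        if name.startswith("--"):            # command-line spelling inside a file
            name = name[2:]
        if name in EXEC_DIRECTIVES:
            findings.append((line_no, name))
    return findings

def is_safe_config(conf_text):
    """True only when no refused directive and no unparseable line is present."""
    return not find_exec_directives(conf_text)

# Constructed sample config (hypothetical host and values).
SAMPLE_CONF = (
    "client\n"
    "dev tun\n"
    "remote vpn.example.net 1194  # constructed host\n"
    "; up disabled.bat\n"
    "script-security 2\n"
    "\"up\" cmd\n"
    "--down cmd\n"
)

if __name__ == "__main__":
    for line_no, name in find_exec_directives(SAMPLE_CONF):
        print(f"line {line_no}: refused directive {name}")
```

The same list has to be applied to any options the launcher passes on the command line, since `--up` there has the same effect as `up` in the file.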
