Software Engineering Institute

The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain. ScriptLogic optionally uses a network share to store logging data. A vulnerability in the default access control for the ScriptLogic logging share (usually named LOGS$, but defined by the administrator at install time) in version 4.01 (as tested by the CERT/CC) allows an end user full access to a network share into which ScriptLogic writes its log files. The ScriptLogic installation program, intended to be run on a server, creates this network share without explicitly setting restrictive share-level permissions. As a result, the Windows default permissions are applied, thereby granting the "Everyone" group full access to the share.

The CERT/CC has verified the existence of this vulnerability in version 4.01 of the ScriptLogic software. Version 4.14 of the ScriptLogic software has been tested by the CERT/CC and shown not to contain this vulnerability. The access permissions on the LOGS$ share have been limited in this version of the ScriptLogic software.

Any user with access to the share can modify ScriptLogic log records. Additionally, an intruder can consume disk space, introduce malicious code, or store unauthorized files on the open share.

This vulnerability, when used in conjunction with other, unrelated vulnerabilities, could allow an intruder to invoke malicious code they have stored on the open share. Consumption of excessive disk space may also interfere with or halt the ordinary operation of the system housing the LOGS$ share.

The ability to use a network share for logging is an optional feature in the ScriptLogic software. Sites that have not configured logging to a network share are not affected by this vulnerability. Sites that have selected to log to an alternate network share with restricted access may be at a reduced risk for this vulnerability, depending on their environment.

Upgrade to the latest version of the software

Version 4.14 of the ScriptLogic software has been tested by the CERT/CC and shown not to contain the vulnerability. Users of potentially vulnerable versions of the software are encouraged to upgrade to this version.