CVE-2009-5152
Dell Client Configuration Utility Race Condition
Published: May 11, 2018 | Last Updated: Sep 24, 2020
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.
Security Updates
Product | Platform | Fix Versions | Fix Version Release Date |
---|---|---|---|
Rpcnetp v845 on Dell Inspiron 1525 | None |
Mitigations
Dell discontinued Dell Inspiron 1525 in 2009.
Work Arounds
N/A
Read more about NIST CVE-2009-5152FAQs
The Absolute Computrace Agent is a piece of software that is packaged with Absolute’s Persistence technology embedded in over 1 Billion devices. The agent provides for visibility and control of the device by creating a digital tether between the device, and the Absolute Monitoring Center.
Log into the Absolute console and go to Assets > Devices. In the report, go to the settings area and edit columns in the report to show the Agent column. This column will report on the version of the agent that is deployed to devices under Absolute management.
Absolute manages the agent upgrade process as part of our service. If your device is regularly calling into the Absolute Monitoring Center then the upgrade to our latest agent will happen automatically. If you are still seeing an outdate agent on a device under management, contact the Absolute support team for assistance.