The Rackspace Windows Agent and Updater allows for modified Agent binaries to be remotely uploaded (without authentication) to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then be executed after the service is restarted. Previous versions of the Updater (before 1.2.6.0) allowed for unsigned agent updates utilizing a specially crafted .NET remote call to TCP port 1984.
e1432ce56dfb5361bc47edbd2d3c8d08d7d01f9b5dba847ea442095175de0442