|
F-Secure BlackLight 2.2.1092 Local Privilege Escalation Vulnerability
|
|
来源:http://www.zeroscience.mk 作者:LiquidWorm 发布时间:2011-08-17
|
|
F-Secure BlackLight 2.2.1092 Local Privilege Escalation Vulnerability
Vendor: F-Secure Corporation
Product web page: http://www.f-secure.com
http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/blacklight/
Affected version: 2.2.1092
Summary: F-Secure BlackLight is a tool that detects files, folders and
processes hidden from the user and other programs. BlackLight is also
able to remove hidden malware by renaming them.
Desc: The rootkit eliminator is vulnerable to an elevation of privileges
vulnerability which can be used by a simple user that can change the
executable file with a binary of choice. The vulnerability exist due to
the improper permissions, with the 'C' flag (change/write) for the 'Everyone'
group, for the 'fsbl.exe' binary file.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2011-5038
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5038.php
10.08.2011
--
C:\>cacls fsbl.exe
C:\fsbl.exe BUILTIN\Administrators:F
Everyone:C
LABPC\User4:F
NT AUTHORITY\SYSTEM:F
C:\>
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
