首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation
来源:http://www.zeroscience.mk 作者:LiquidWorm 发布时间:2013-12-25  
Huawei Technologies du Mobile Broadband 16.0 Local Privilege Escalation
  
  
Vendor: Huawei Technologies Co., Ltd.
Product Web Page: http://www.huawei.com
Affected version: 16.002.03.16.124
  
Summary: du Mobile Broadband is a shareware application for
du EITC UAE users to support mobile broadband (3G) activation
for du service provider with systems containing one of the
supported devices. It lets you access du wireless internet
wherever you are and whenever you need it, all powered through
your mobile data SIM or simply by connecting your 3G USB stick
to your device.
  
Desc: The application is vulnerable to an elevation of privileges
vulnerability which can be used by a simple user that can change
the executable file with a binary of choice. The vulnerability
exist due to the improper permissions, with the 'F' flag (full)
for the 'Everyone' and 'Users' group, for the 'du Mobile Broadband.exe'
binary file. The files are installed in the 'du Mobile Broadband'
directory which has the Everyone group assigned to it with full
permissions making every single file inside vulnerable to change
by any user on the affected machine. After you replace the binary
with your rootkit, on reboot you get SYSTEM privileges.
  
Tested on: Microsoft Windows 7 Ultimate (EN) 64bit
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
  
  
Advisory ID: ZSL-2013-5164
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5164.php
  
  
  
18.12.2013
  
---
  
  
C:\Program Files (x86)>cacls "du Mobile Broadband"
C:\Program Files (x86)\du Mobile Broadband Everyone:(OI)(CI)F
                                           BUILTIN\Users:(OI)(IO)F
                                           BUILTIN\Users:(CI)F
                                           NT SERVICE\TrustedInstaller:(ID)F
                                           NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
                                           NT AUTHORITY\SYSTEM:(ID)F
                                           NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                           BUILTIN\Administrators:(ID)F
                                           BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                           CREATOR OWNER:(OI)(CI)(IO)(ID)F
  
  
C:\Program Files (x86)>cd "du Mobile Broadband"
  
C:\Program Files (x86)\du Mobile Broadband>cacls "du Mobile Broadband.exe"
C:\Program Files (x86)\du Mobile Broadband\du Mobile Broadband.exe Everyone:F
                                                                   BUILTIN\Users:F
                                                                   NT AUTHORITY\SYSTEM:(ID)F
                                                                   BUILTIN\Administrators:(ID)F
  
  
C:\Program Files (x86)\du Mobile Broadband>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·RealNetworks RealPlayer 16.0.3
·RealNetworks RealPlayer Versio
·Easy Karaoke Player 3.3.31 Int
·Windows Live Movie Maker 2011
·Red Hat CloudForms Management
·Ophcrack 3.6 Local Buffer Over
·Synology DiskStation Manager S
·Ofilter Player 1.1 Integer Div
·OpenSIS 'modname' PHP Code Exe
·Red Hat CloudForms Management
·Zimbra Collaboration Server LF
·PhotoStore 4.0.7. Shell Upload
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved