0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation
[Huawei Technologies du Mobile Broadband 16.0 Local Privilege Escalation
Vendor: Huawei Technologies Co., Ltd.
Product Web Page: http://www.huawei.com
Affected version: 16.002.03.16.124
Summary: du Mobile Broadband is a shareware application for
du EITC UAE users to support mobile broadband (3G) activation
for du service provider with systems containing one of the
supported devices. It lets you access du wireless internet
wherever you are and whenever you need it, all powered through
your mobile data SIM or simply by connecting your 3G USB stick
to your device.
Desc: The application is vulnerable to an elevation of privileges
vulnerability which can be used by a simple user that can change
the executable file with a binary of choice. The vulnerability
exist due to the improper permissions, with the 'F' flag (full)
for the 'Everyone' and 'Users' group, for the 'du Mobile Broadband.exe'
binary file. The files are installed in the 'du Mobile Broadband'
directory which has the Everyone group assigned to it with full
permissions making every single file inside vulnerable to change
by any user on the affected machine. After you replace the binary
with your rootkit, on reboot you get SYSTEM privileges.
Tested on: Microsoft Windows 7 Ultimate (EN) 64bit
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2013-5164
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5164.php
18.12.2013
---
C:\Program Files (x86)>cacls "du Mobile Broadband"
C:\Program Files (x86)\du Mobile Broadband Everyone:(OI)(CI)F
BUILTIN\Users:(OI)(IO)F
BUILTIN\Users:(CI)F
NT SERVICE\TrustedInstaller:(ID)F
NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
NT AUTHORITY\SYSTEM:(ID)F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
CREATOR OWNER:(OI)(CI)(IO)(ID)F
C:\Program Files (x86)>cd "du Mobile Broadband"
C:\Program Files (x86)\du Mobile Broadband>cacls "du Mobile Broadband.exe"
C:\Program Files (x86)\du Mobile Broadband\du Mobile Broadband.exe Everyone:F
BUILTIN\Users:F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
C:\Program Files (x86)\du Mobile Broadband>
# 0day.today [2024-07-02] #