API tools faq
paste
Advertisement
Mayk0

#; Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalati

Mayk0
Mar 23rd, 2014
134
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.65 KB | None | 0 0
raw download clone embed print report
  1. Titulo completo Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation
  2. Fecha 2014-03-11
  3. Categoria local exploits
  4. Platforma windows
  5. Riesgo <font color="#FFBF00">RIESGO DE SEGURDAD ALTO</font>
  6. Descripcion Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation vulnerability.
  7. =========================================
  8.  
  9. Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation
  10.  
  11.  
  12. Vendor: Huawei Technologies Co., Ltd.
  13. Product web page: http://www.huawei.com
  14. Affected version: 1.0.0.23 (V100R001C03SPC201B050)
  15.  
  16. Summary: Huawei's eSpace Meeting solution fully meets the needs of enterprise
  17. customers for an integrated daily collaboration system by integrating the
  18. conference server, conference video terminal, conference user authorization,
  19. and teleconference.
  20.  
  21. Desc: The application is vulnerable to an elevation of privileges vulnerability
  22. which can be used by a simple user that can change the executable file with a
  23. binary of choice. The vulnerability exist due to the improper permissions, with
  24. the 'F' flag (full) for the 'Users' group, for the 'eMservice.exe' binary file.
  25. The service is installed by default to start on system boot with LocalSystem
  26. privileges. Attackers can replace the binary with their rootkit, and on reboot
  27. they get SYSTEM privileges.
  28.  
  29. Tested on: Microsoft Windows 7 Professional SP1 (EN)
  30.  
  31.  
  32. Vulnerbility discovered by Gjoko 'LiquidWorm' Krstic
  33. @zeroscience
  34.  
  35.  
  36. Advisory ID: ZSL-2014-5171
  37. Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5171.php
  38.  
  39. Huawei ID: Huawei-SA-20140310-01
  40. Huawei Advisory: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-329170.htm
  41.  
  42.  
  43.  
  44. 18.01.2014
  45.  
  46. ------------------------------------
  47.  
  48. C:\>sc qc eSpaceMeeting
  49. [SC] QueryServiceConfig SUCCESS
  50.  
  51. SERVICE_NAME: eSpaceMeeting
  52. TYPE : 110 WIN32_OWN_PROCESS (interactive)
  53. START_TYPE : 2 AUTO_START
  54. ERROR_CONTROL : 1 NORMAL
  55. BINARY_PATH_NAME : C:\ProgramData\eSpaceMeeting\eMservice.exe
  56. LOAD_ORDER_GROUP :
  57. TAG : 0
  58. DISPLAY_NAME : eSpaceMeeting
  59. DEPENDENCIES :
  60. SERVICE_START_NAME : LocalSystem
  61.  
  62. C:\>icacls ProgramData\eSpaceMeeting\eMservice.exe
  63. ProgramData\eSpaceMeeting\eMservice.exe BUILTIN\Users:(I)(F)
  64. NT AUTHORITY\SYSTEM:(I)(F)
  65. BUILTIN\Administrators:(I)(F)
  66.  
  67. Successfully processed 1 files; Failed processing 0 files
  68.  
  69. C:\>
  70.  
  71. ------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!