Bugtraq mailing list archives

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs

From: Blue Frost Security Research Lab <research () bluefrostsecurity de>
Date: Thu, 30 Jun 2016 00:24:54 +0200

________________________________________________________________________

Vendor: Huawei, www.huawei.com
Affected Product: HiSuite for Windows
Affected Version: <= 4.0.3.301
CVE ID: CVE-2016-5821
OVE ID: OVE-20160624-0001
Severity: High
Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH
Title: Huawei HiSuite Insecure Service Directory ACLs
________________________________________________________________________

A privilege escalation vulnerability was identified in the Huawei
HiSuite software which can be used by a local user to elevate
privileges to become the SYSTEM user.

The root cause of the problem are insecure ACLs on the HandSet service
directory which allows any authenticated user to place a crafted DLL
file in that directory to perform a DLL hijacking attack.

Huawei has released software updates to address the issue. The full
advisory with technical details is available at the following link:

https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/
________________________________________________________________________

Current thread:

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs Blue Frost Security Research Lab (Jun 30)