| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Jun 2016 00:24:54 +0200 From: Blue Frost Security Research Lab <research@...efrostsecurity.de> To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs ________________________________________________________________________ Vendor: Huawei, www.huawei.com Affected Product: HiSuite for Windows Affected Version: <= 4.0.3.301 CVE ID: CVE-2016-5821 OVE ID: OVE-20160624-0001 Severity: High Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH Title: Huawei HiSuite Insecure Service Directory ACLs ________________________________________________________________________ A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem are insecure ACLs on the HandSet service directory which allows any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Huawei has released software updates to address the issue. The full advisory with technical details is available at the following link: https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/ ________________________________________________________________________
Powered by blists - more mailing lists