Showing posts from February, 2013

Huawei Mobile Partner | Permission Weakness Local Privilege Escalation

1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to the application installing with insecure permissions. This allows a less privileged local attacker or compromised process to replace the original application binary with a malicious application which will be executed by a victim user or upon Mobile Partner application Windows service restart. 2. BACKGROUND Mobile Partner is a built-in application in Huawei 3G USB modems that allow you to connect to the 3G mobile network for Internet access. It is widely used by many telcos round the world. 3. VERSIONS AFFECTED Tested version: 4. PROOF-OF-CONCEPT/EXPLOIT //// Tested on Windows c:\>wmic service get pathname | find "Mobile Partner" C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe c:\>accesschk -q "C:\Pro