Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Telefonica O2 Connection Manager 3.4 Local Privilege Escalation

🗓️ 10 Oct 2014 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability on Window

Code
`  
Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability  
  
  
Vendor: Telefonica S.A.  
Product web page: http://www.telefonica.com | http://www.o2.co.uk  
Affected version: 3.4.R1 (108)  
  
Summary: O2 Connection Manager will help you to manage your internet  
connections by getting you connected to the fastest available network.  
Automatically connect you to the fastest available network including  
your home broadband if you have a wireless router.  
  
Desc: O2 Connection Manager suffers from an elevation of privileges  
vulnerability which can be used by a simple user that can change the  
executable files with a binary of choice. The vulnerability exist due  
to the improper permissions, with the 'F' flag (Full) for 'Everyone'  
group, making the entire directory 'O2 Connection Manager' and its  
files and sub-dirs world-writable.  
  
Tested on: Microsoft Windows 7 Professional SP1 (EN)  
Microsoft Windows 7 Ultimate SP1 (EN)  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2014-5199  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5199.php  
  
  
22.09.2014  
  
---  
  
==========================================================================  
  
Arguments Used:  
Filename = "C:\Program Files (x86)\O2CM-CE\O2 Connection Manager"  
  
  
  
**************************************************************************  
Directory: C:\Program Files (x86)\O2CM-CE\O2 Connection Manager  
  
Permissions:  
Type Username Permissions Inheritance  
  
Allowed \Everyone Full Control This Folder Only  
Allowed \Everyone Special (Unknown) Files Only  
Allowed BUILTIN\Administrators Special (DCBA654321) This Folder and Files  
Allowed NT SERVICE\TrustedInsta Full Control This Folder Only  
Allowed NT SERVICE\TrustedInsta Special (Unknown) Subfolders only  
Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only  
Allowed NT AUTHORITY\SYSTEM Special (Unknown) Subfolders and Files  
Allowed BUILTIN\Administrators Full Control This Folder Only  
Allowed BUILTIN\Administrators Special (Unknown) Subfolders and Files  
Allowed BUILTIN\Users Read and Execute This Folder Only  
Allowed BUILTIN\Users Special (Unknown) Subfolders and Files  
Allowed \CREATOR OWNER Special (Unknown) Subfolders and Files  
  
No Auditing set  
  
Owner: NT AUTHORITY\SYSTEM  
**************************************************************************  
  
  
Operation Complete  
Elapsed Time: 0,234375 seconds.  
  
  
==========================================================================  
  
Arguments Used:  
Filename = "C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe"  
  
  
  
**************************************************************************  
File: C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe  
  
Permissions:  
Type Username Permissions Inheritance  
  
Allowed \Everyone Full Control This Folder Only  
Allowed BUILTIN\Administrators Special (DCBA654321) This Folder Only  
Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only  
Allowed BUILTIN\Administrators Full Control This Folder Only  
Allowed BUILTIN\Users Read and Execute This Folder Only  
  
No Auditing set  
  
Owner: NT AUTHORITY\SYSTEM  
**************************************************************************  
  
  
Operation Complete  
Elapsed Time: 0,125 seconds.  
  
  
==========================================================================  
  
C:\Program Files (x86)\O2CM-CE\O2 Connection Manager>icacls *.exe |findstr "Everyone:(I)(F)"  
Elevate.exe Everyone:(I)(F)  
locSrch.exe Everyone:(I)(F)  
md5sum.exe Everyone:(I)(F)  
patch.exe Everyone:(I)(F)  
ProfileImp.exe Everyone:(I)(F)  
SupportAssistant.exe Everyone:(I)(F)  
tscui.exe Everyone:(I)(F)  
vcredist_x86.exe Everyone:(I)(F)  
WifiProfileImportTool.exe Everyone:(I)(F)  
XAU.exe Everyone:(I)(F)  
  
C:\Program Files (x86)\O2CM-CE\O2 Connection Manager>  
  
==========================================================================  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Oct 2014 00:00Current
0.3Low risk
Vulners AI Score0.3
telefonica o2 connection managerlocal privilege escalationvulnerabilitywindows 7
18