← Advisories

Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation

Medium

Advisory ID

ZSL-2014-5171

Release Date

10 March 2014

Vendor

Huawei Technologies Co., Ltd. - http://www.huawei.com

Affected Version

1.0.0.23 (V100R001C03SPC201B050)

CVE

CVE-2014-3222

Tested On

Microsoft Windows 7 Professional SP1 (EN)

Summary

Huawei's eSpace Meeting solution fully meets the needs of enterprise customers for an integrated daily collaboration system by integrating the conference server, conference video terminal, conference user authorization, and teleconference.

Description

The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for the 'eMservice.exe' binary file. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

Proof of Concept

espacemeet_priv.txtTXT

Disclosure Timeline

18.01.2014Vulnerability discovered.

20.01.2014Vendor contacted with sent detailed info.

20.01.2014Vendor responds, analyzing the issue.

22.01.2014Vendor confirms the vulnerability.

27.01.2014Working with the vendor.

08.02.2014Asked vendor for status update.

10.02.2014Vendor responds with scheduled patch release date.

07.03.2014Vendor releases version V100R001C03SPC202 to address this issue.

10.03.2014Coordinated public security advisory released.