49 lines
No EOL
1.6 KiB
Text
49 lines
No EOL
1.6 KiB
Text
Realtek 11n Wireless LAN utility privilege escalation.
|
||
|
||
Vulnerability Discovered by Humberto Cabrera @dniz0r
|
||
http://zeroscience.mk @zeroscience
|
||
|
||
Summary:
|
||
⁃ Realtek 11n Wireless LAN utility is deployed and used by realtek
|
||
alfa cards and more in order to help diagnose and view wireless card
|
||
properties.
|
||
|
||
Description:
|
||
- Unquoted Privilege escalation that allows a user to gain SYSTEM
|
||
privileges.
|
||
|
||
Date - 12 Feb 2015
|
||
Version: 700.1631.106.2011
|
||
Vendor: www.realtek.com.tw
|
||
Advisory URL:
|
||
https://eaty0face.wordpress.com/2015/02/13/realtek-11n-wireless-lan-utility-privilege-escalation/
|
||
Tested on: Win7
|
||
|
||
[SC] QueryServiceConfig SUCCESS
|
||
|
||
SERVICE_NAME: realtek11ncu
|
||
TYPE : 110 WIN32_OWN_PROCESS (interactive)
|
||
START_TYPE : 2 AUTO_START
|
||
ERROR_CONTROL : 1 NORMAL
|
||
BINARY_PATH_NAME : C:\Program Files\REALTEK\11n USB Wireless LAN
|
||
Utility\RtlService.exe
|
||
LOAD_ORDER_GROUP :
|
||
TAG : 0
|
||
DISPLAY_NAME : Realtek11nCU
|
||
DEPENDENCIES :
|
||
SERVICE_START_NAME : LocalSystem
|
||
|
||
C:\Windows\system32>sc qc realtek11nsu
|
||
[SC] QueryServiceConfig SUCCESS
|
||
|
||
SERVICE_NAME: realtek11nsu
|
||
TYPE : 110 WIN32_OWN_PROCESS (interactive)
|
||
START_TYPE : 2 AUTO_START
|
||
ERROR_CONTROL : 1 NORMAL
|
||
BINARY_PATH_NAME : C:\Program Files\REALTEK\Wireless LAN
|
||
Utility\RtlService.exe
|
||
LOAD_ORDER_GROUP :
|
||
TAG : 0
|
||
DISPLAY_NAME : Realtek11nSU
|
||
DEPENDENCIES :
|
||
SERVICE_START_NAME : LocalSystem |