1. Registrera ett konto och bli del av Sveriges förmodligen trevligaste och mest hjälpsamma community.
    Stäng notis

Övrigt: Sårbarhet i 4.1.2

Diskussion i 'Optimus G - Allmänt' startad av urbanlarsson, 30 maj 2013.

  1. urbanlarsson

    urbanlarsson Adult Droid Medlem

    Blev medlem:
    15 feb 2010
    Inlägg:
    684
    Mottagna gillanden:
    77

    MINA ENHETER

    http://seclists.org/fulldisclosure/2013/May/166

    vulnerability in LG's "HiddenMenu" allows you to execute shell commands
    as the system, with a large array of additional permissions (Groups). This
    vulnerability opens up the device to further attacks. Due to the large
    number of models sharing similar firmware, I have no idea how many devices
    are affected.


    Details:

    Dial: 3845#*XXX# ( XXX to be replaced with model number, in this case
    3845#*973#)

    HiddenMenu will open, select WLAN Test, then select Wi-Fi Ping Test/User
    Command, then select User Command.

    Replace the tcpdump command with the command you wish to run as system
    user

    Then press cancel (not ok). The application will execute the command as
    system user.