There’s a plenty of technique that can be use to abuse this kind of vulnerability, including:
#AVAST VPN SERVICE NO LOGS WINDOWS#
James Forshaw came up with several techniques to abuse Windows filesystem and path resolution features, and even released a Symbolic Link Testing Toolkit for researchers to use as Proof-of-Concept. Once we find the file operations performed on user-controllable files & directories, we will need to figure a way to exploit these operations. We can observe the file operations by using Process Monitor tool. The permission for AVAST SecureLine as in following screenshot: When a log is generated, a privileged AVAST SecureLine VPN process will create the log file and set its access rights, offering write access. Arbitrary file creation can be achieved by abusing the log file creation: an unprivileged user can replace these log files by pseudo-symbolic links to arbitrary files.
Logs files are created by SYSTEM processes, and are made writable to the user. Subdirectories of C:\Windows\Temp: by default, users can create files and directories, but not modify existing ones and read files / access directories created by other users.įiles and folder permission can be check using multiple way such as Powershell (Get-Acl) or just use explorer Security tab.This is often the first place to look at. Subdirectories of C:\ProgramData with default ACL: by default, users can create files and directories, but not modify existing ones.Directories created in C:\ with default ACL: by default, directories created at the root of partitions do have a permissive ACL that allows write access for users.The Public user’s files & directories: idem.The user’s own files & directories, including its AppData and Temp folders, that some privileged process may use if you’re lucky or running an AV.Here’s a list of interesting locations based on this blog: Most privilege programs will not manipulate unprivileged user-access files indirectly, however most of it perform operations on a files that located somewhere a user can have access to it. This issue well-known as logical vulnerability. The operations could be abuse by leveraging the privileged process to perform unwanted activity. SYSTEM) and perform operations on files like the rest of the processes that has access to user-controlled files or directories without restrictions could lead to a security issue. Vulnerability AnalysisĪ process running with higher privileges (e.g. The vulnerability has been fixed on version. Version below might be affected too, but untested. Affected version of AVAST SecureLine VPN 5.5.522.0.
The log and folder have permissive access rights that allow unprivileged users to add/remove files and change properties. The files are created, accessed and manipulated by privileged (SYSTEM) processes of AVAST SecureLine service. This is especially recommended when you are connected to a public or unsecured wireless network.ĪVAST SecureLine VPN Service creates a log file in “C:\ProgramData\AVAST Software\SecureLine\log" by default. Avast SecureLine VPN can be used any time you want to connect to the internet with extra security and privacy. Avast SecureLine VPN is an application that enables you to connect to the internet via secure Avast VPN servers using an encrypted tunnel to protect your online activity from eavesdropping.
0 kommentar(er)
