W-Channel produces an embedded Linux system that can turn existing PCs into thin terminal clients. When the TC-IDE is plugged into the PC's IDE socket, the PC boots the embedded kernel, with terminal protocols (RDC, VNC, X-Windows, etc.).
Local user input handling vulnerabilities exist in WCI's TC-IDE Embedded Linux that allow local users with access to the tools provided with the system to spawn a root console, gaining full control over the running Linux operating system.
Credit:
The information has been provided by the ECL team.
Vulnerable Systems:
* W-Channel Embedded Linux version 1.53 and prior
Immune Systems:
* W-Channel Embedded Linux version 1.54 or newer
Several exploitation methods are explained below:
1) In the Net Tools dialog, type ";crxvt&" (without the quotes), and click on Discover. A root shell within a virtual terminal should appear.
2) In the PPPoE dialer GUI, type the same as above in the username field, and click connect.
3) In Opera, click on Menu, then Preferences. In E-mail, mark the "Use specific e-mail client" radio button, and type "/bin/dillo" (without the quotes) in the textbox below. Apply the settings, and close this menu. In the main window, click on Mail, then Compose. The dillo browser window should now be launched.
4) Point it to the following address: http://localhost/cgi-bin/mycomputer.cgi. Go to the Control Panel -> User Desktop. Enable "My Computer", then restart your desktop.
You should now have Administrator access to most of the settings.
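A hardening sketch for the input handling behind methods 1 and 2, added here as an example and not taken from W-Channel's code. It assumes the dialogs hand the typed field to a shell command line, and shows a host field (such as the one in Net Tools) checked against an allow-list and passed as a single argv element with no shell; `host_field_ok` and `run_tool` are hypothetical names.

```c
/* Added example: hypothetical helpers, not W-Channel's code. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list for a host field: letters, digits, '.', '-' and ':' only
 * (hostname, IPv4 or IPv6 literal), 1..253 bytes, no leading '-'. */
int host_field_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Run `tool` with the field as a single argv element. No shell parses the
 * value, so ';' and '&' are inert. Returns the exit status, or -1. */
int run_tool(const char *tool, const char *field)
{
    if (!host_field_ok(field))
        return -1;                  /* rejected before anything is spawned */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)field, NULL };
        execv(tool, argv);
        _exit(127);                 /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs: the string from the advisory and a plain address. */
    printf("%d\n", run_tool("/bin/echo", ";crxvt&"));       /* rejected */
    printf("%d\n", run_tool("/bin/echo", "192.168.1.10"));  /* runs echo */
    return 0;
}
```

A free-text field such as the PPPoE username needs its own allow-list, but the same rule applies: the value reaches the helper as one argument and never as part of a shell command line.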
Vendor Status:
The security problems were fixed in v1.54. Customers should contact W-Channel for information on how to obtain the latest firmware.
Disclosure Timeline:
* Vendor informed: 15/10/04
* Vendor reply: 17/10/04
* Vendor fix release: 8/11/04