SharpLynx v9.2.3 Insecure File Permissions
Title: SharpLynx v9.2.3 Insecure File Permissions
Advisory ID: ZSL-2018-5456
Type: Local/Remote
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 02.04.2018
[28.03.2018] Vendor contacted.
[01.04.2018] No response from the vendor.
[02.04.2018] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2018040024
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/141310
[08.04.2018] - Added reference [1] and [2]
[16.04.2018] - Added reference [3]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2018-5456
Type: Local/Remote
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 02.04.2018
Summary
Back Office Software for Sharp POS Terminals. Catering for the needs of retail and hospitality businesses, SharpLynx has been developed as a modular software solution with options from simple program management and sales analysis through to multi-location stock control.Description
SharpLynx suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group.Vendor
Lynx Software Pty Ltd. - https://www.sharplynx.comAffected Version
9.02.0003Tested On
Microsoft Windows 7 Professional SP1 (EN)Vendor Status
[27.03.2018] Vulnerability discovered.[28.03.2018] Vendor contacted.
[01.04.2018] No response from the vendor.
[02.04.2018] Public security advisory released.
PoC
sharplynx_perm.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/147011[2] https://cxsecurity.com/issue/WLB-2018040024
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/141310
Changelog
[02.04.2018] - Initial release[08.04.2018] - Added reference [1] and [2]
[16.04.2018] - Added reference [3]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk