TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local

2009-08-17 / 2009-08-18
Credit: Evilcry
Risk: Low
Local: Yes
Remote: No
CWE: CWE-20


Ogólna skala CVSS: 2.1/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 3.9/10
Wymagany dostęp: Lokalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local Privilege Escalation Author: Giuseppe 'Evilcry' Bonfa' E-Mail: evilcry {AT} GMAIL {DOT} COM Website: http://evilcry.netsons.org http://evilcodecave.blogspot.com http://evilcodecave.wordpress.com http://evilfingers.com http://malwareAnalytics.com [under construction] Release Date: 15/08/2009 +-------------------------------------------------+ Product: TheGreenBow VPN Client 4.61.003 (other versions could be affected) Affected Component: tgbvpn.sys Category: Local Denial of Service (BSOD) (untested) Local Privilege Escalation +-------------------------------------------------+ --------------------------[Details]---------------> TheGreenBow's tgbvpn.sys Driver does not sanitize user supplied input (IOCTL) and this lead to a Driver Collapse that propagates on the system with a BSOD, and potential risk of Privilege Escalation. Affected IOCTL is 0x80000034 Transfer Type: METHOD_BUFFERED STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. ef1cabf4 841d36a8 ef1cac58 841d36a8 f42dd895 tgbvpn+0x9f51 00000000 00000000 00000000 00000000 00000000 0x841d36a8 +--------------------------------------------------------------------------------------------+ /* tgbvpn.sys KERNEL_MODE_EXCEPTION_NOT_HANDLED - DoS PoC * * Author: Giuseppe 'Evilcry' Bonfa' * E-Mail: evilcry {AT} gmail. {DOT} com * Website: http://evilcry.netsons.org * http://evilcodecave.blogspot.com * http://evilcodecave.wordpress.com * http://evilfingers.com

Referencje:

https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php
http://www.vupen.com/english/advisories/2009/2294
http://www.securityfocus.com/archive/1/archive/1/505816/100/0/threaded
http://secunia.com/advisories/36332


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top