Vulnerability CVE-2008-5121


Published: 2008-11-17   Modified: 2012-02-12

Description:
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

See advisories in our WLB2 database:
Topic
Author
Date
High
Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit
mu-b
19.11.2008

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Citrix -> Deterministic network enhancer 

 References:
http://www.kb.cert.org/vuls/id/858993
http://xforce.iss.net/xforce/xfdb/43153
http://www.vupen.com/english/advisories/2008/1868
http://www.vupen.com/english/advisories/2008/1867
http://www.vupen.com/english/advisories/2008/1866
http://www.vupen.com/english/advisories/2008/1865
http://www.securityfocus.com/bid/29772
http://www.milw0rm.com/exploits/5837
http://www.digit-labs.org/files/exploits/dne2000-call.c
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
http://support.citrix.com/article/CTX117751
http://securityreason.com/securityalert/4600
http://secunia.com/advisories/30753
http://secunia.com/advisories/30747
http://secunia.com/advisories/30744
http://secunia.com/advisories/30728

Copyright 2024, cxsecurity.com

 

Back to Top