Vulnerability CVE-2008-5121


Published: 2008-11-17   Modified: 2012-02-12

Description:
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

See advisories in our WLB2 database:
Risk: High
Topic: Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit
Author: mu-b
Date: 19.11.2008

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Citrix
Product: Deterministic Network Enhancer
Version: 3.21.7.17464; 2.21.7.223

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://www.kb.cert.org/vuls/id/858993
http://xforce.iss.net/xforce/xfdb/43153
http://www.vupen.com/english/advisories/2008/1868
http://www.vupen.com/english/advisories/2008/1867
http://www.vupen.com/english/advisories/2008/1866
http://www.vupen.com/english/advisories/2008/1865
http://www.securityfocus.com/bid/29772
http://www.milw0rm.com/exploits/5837
http://www.digit-labs.org/files/exploits/dne2000-call.c
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
http://support.citrix.com/article/CTX117751
http://securityreason.com/securityalert/4600
http://secunia.com/advisories/30753
http://secunia.com/advisories/30747
http://secunia.com/advisories/30744
http://secunia.com/advisories/30728

Related CVE
CVE-2014-3798
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
CVE-2019-12292
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
CVE-2018-18571
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM...
CVE-2019-12044
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10...
CVE-2019-11634
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
CVE-2019-7218
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first au...
CVE-2019-7217
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 bef...

Copyright 2019, cxsecurity.com

 
