Vulnerability CVE-2008-5121


Published: 2008-11-17   Modified: 2012-02-12

Description:
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

See advisories in our WLB2 database:
Topic
Author
Date
High
Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit
mu-b
19.11.2008

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Citrix
Product: Deterministic network enhancer 
Version: 3.21.7.17464; 2.21.7.223;

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.kb.cert.org/vuls/id/858993
http://xforce.iss.net/xforce/xfdb/43153
http://www.vupen.com/english/advisories/2008/1868
http://www.vupen.com/english/advisories/2008/1867
http://www.vupen.com/english/advisories/2008/1866
http://www.vupen.com/english/advisories/2008/1865
http://www.securityfocus.com/bid/29772
http://www.milw0rm.com/exploits/5837
http://www.digit-labs.org/files/exploits/dne2000-call.c
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
http://support.citrix.com/article/CTX117751
http://securityreason.com/securityalert/4600
http://secunia.com/advisories/30753
http://secunia.com/advisories/30747
http://secunia.com/advisories/30744
http://secunia.com/advisories/30728

Related CVE
CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 bef...
CVE-2018-19965
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of...
CVE-2018-19962
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVE-2018-19961
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-18517
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
CVE-2018-18014
** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes ...
CVE-2018-18013
** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in m...
CVE-2018-17448
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

Copyright 2019, cxsecurity.com

 

Back to Top