TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local

2009-08-17 / 2009-08-18

Credit: Evilcry

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2009-2918

CWE: CWE-20

CVSS Base Score: 2.1/10

Impact Subscore: 2.9/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local Privilege Escalation

Author: Giuseppe 'Evilcry' Bonfa'
E-Mail: evilcry {AT} GMAIL {DOT} COM
Website: http://evilcry.netsons.org

             http://evilcodecave.blogspot.com
             http://evilcodecave.wordpress.com
             http://evilfingers.com
             http://malwareAnalytics.com [under construction]


Release Date: 15/08/2009

+-------------------------------------------------+
Product: TheGreenBow VPN Client 4.61.003 (other versions could be affected) Affected Component: tgbvpn.sys
Category: Local Denial of Service (BSOD)

         (untested) Local Privilege Escalation

+-------------------------------------------------+

--------------------------[Details]--------------->

TheGreenBow's tgbvpn.sys Driver does not sanitize user supplied input (IOCTL)
and this lead to a Driver Collapse that propagates on the system with a BSOD,
and potential risk of Privilege Escalation.

Affected IOCTL is 0x80000034

Transfer Type: METHOD_BUFFERED

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ef1cabf4 841d36a8 ef1cac58 841d36a8 f42dd895 tgbvpn+0x9f51 00000000 00000000 00000000 00000000 00000000 0x841d36a8

+--------------------------------------------------------------------------------------------+
/* tgbvpn.sys KERNEL_MODE_EXCEPTION_NOT_HANDLED - DoS PoC
 *
 * Author: Giuseppe 'Evilcry' Bonfa'
 * E-Mail: evilcry {AT} gmail. {DOT} com
 * Website: http://evilcry.netsons.org
 * http://evilcodecave.blogspot.com
 * http://evilcodecave.wordpress.com
 * http://evilfingers.com

References:

https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php

http://www.vupen.com/english/advisories/2009/2294

http://www.securityfocus.com/archive/1/archive/1/505816/100/0/threaded

http://secunia.com/advisories/36332

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.