[TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption
Advisory: CA HIPS KmxFw.sys Kernel Memory Corruption; Advisory ID: TKADV2008-006; Revision: 1.0; Release Date: 2008/08/12; Last Modified: 2008/08/12; Date Reported: 2008/03/08; Author: Tobias Klein (tk at trapkit.de); Affected Software: CA Host-Based Intrusion...
CVE-2008-2926
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request...
CVE-2008-3431
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and...
CVE-2008-3431
CVE-2008-3431 affects Sun xVM VirtualBox on Windows prior to 1.6.4. The VBoxDrv.sys driver handles IOCTLs with METHOD_NEITHER and fails to validate the user-supplied buffer, enabling a local unprivileged user to craft a kernel address and gain kernel privileges by calling DeviceIoControl to the ....
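IBM AIX 'scsidiskdd' Uninitialized 'DRVR_PVT' Structure Denial of Service Vulnerability
BUGTRAQ ID: 30441 CNCAN ID: CNCAN-2008073107 IBM AIX is a commercial operating system. Because IBM AIX SCSIDISKDD does not initialize the DRVR_PVT structure, a local attacker can exploit the vulnerability to crash the application. On a forced-path ioctl, scsidiskdd can crash after the PCM returns an error. IBM AIX 5.3 IBM AIX 5.2 See the following patches: IBM AIX 5.3 IBM 5300-06-04-0748 http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriesfixpack...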
CVE-2008-3158
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory...
Code injection
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory...
CVE-2008-3158
The CVE-2008-3158 entry concerns the NWFS.SYS driver in Novell Client for Windows 4.91 SP4. A local privilege escalation exists in the nwfs.sys kernel driver when handling IOCTL requests (notably 0x1438BB), where a 0x00000009 dword is written to an arbitrary address, allowing overwriting of a Hal...
EUVD-2008-3148
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory...
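Deterministic Network Extender dne2000.sys Driver Local Privilege Escalation Vulnerability
BUGTRAQ ID: 29772 Deterministic Network Enhancer (DNE) is a software package for extending the Windows networking stack. The DNE driver implementation contains a vulnerability: a local attacker can send a specially crafted IOCTL request to the DNE driver (dne2000.sys) to execute arbitrary instructions with kernel-level privileges. Citrix Deterministic Network Extender 2.21.7.233 - 3.21.7.17464 Citrix ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...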
Integer overflow
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large val...
CVE-2008-2710
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large val...
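Kaspersky kl1.sys Driver Local Stack Overflow Vulnerability
CVE(CAN) ID: CVE-2008-1518 The Kaspersky Internet Security suite is a complete solution for protecting computers against almost all major threats from the Internet. The kl1.sys kernel driver shipped with Internet Security and other Kaspersky products does not perform bounds checking on the data passed to the swprintf function when handling IOCTL 0x800520e8. The destination buffer in this case holds 2,000 wide characters, so a source buffer longer than 2000 characters can trigger a stack overflow, leading to execution of arbitrary kernel-mode instructions. Kaspersky Labs Kaspersky Antivirus 7.0...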
Stack overflow
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call...
CVE-2007-5671
CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to \\.\hgfs, enabling a guest user to modify kernel...
CVE-2008-1518
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call...
Kaspersky Multiple Products kl1.sys Driver Local Overflow
The version of the Kaspersky product installed on the remote host contains a stack-based overflow in its 'kl1.sys' kernel driver involving its handling of IOCTL 0x800520e8. A local attacker may be able to leverage this issue to gain complete control of the affected system. C Tenable Network...
Kaspersky Antivirus IOCTL privilege escalation
IOCTL 0x800520e8 buffer overflow...
Microsoft Windows I2O driver privilege escalation
\\.\I2OExc device weak permissions, IOCTL data insufficient validation...