===============================ADVISORY===============================
Advisory: Securstar - DriveCrypt - Local Kernel
Denial of Service/Memory Disclosure/Privilege Escalation
Advisory ID: DSEC-2011-0001
Author: Neil Kettle, Digit Security Ltd
Affected Software: Securstar DriveCrypt
Vendor URL: http://www.securstar.com
Vendor Status: 'patched'
Category: Denial of Service/Memory Disclosure/Privilege
Escalation
Date Reported: 2009/12/07
Last Modified: 2011/07/20
Release Date: 2011/07/20
===============================ADVISORY===============================
Multiple vulnerabilities have been discovered in Securstar DriveCrypt kernel
drivers, the vulnerabilities exist due to several somewhat systemic issues in
the validation of user-supplied pointers and trust thereof, use of user-supplied
parameters to privileged kernel functionality and finally, the lack of bounds
checking in unbounded copy operations resulting in buffer overflows.
Numerous vulnerabilities exists due to a complete lack of validation of user-
supplied pointers contained within structures passed as arguments to the IOCTL
interface exported from the globally accessible "\\.\DCR" device.
An exploit will be made available to the public in due course at the
following URL,
http://www.digit-labs.org/
http://www.digit-security.com/research.php
Securstar - DriveCrypt (<= 5.2)
http://www.securstar.com/press.php?id_press=405
7th December 2009 - Vendor Disclosure
10th June 2011 - Vendor Releases Patches
Neil Kettle of Digit Security Ltd
Digit Security is a computer security consultancy based in the United
Kingdom, albeit with a slight difference. The company is a co-operatively
controlled entity comprised of professionals who are experts in their
respective fields. Thus, as a corollary, nearly everyone at Digit Security
is a both a Consultant, Developer and a Director.
Web: www.digit-security.com
Email: [email protected]