CVE-2008-5121
Summary
| CVE | CVE-2008-5121 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-11-18 00:30:00 UTC |
| Updated | 2017-09-29 01:32:00 UTC |
| Description | dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bluecoat | Winproxy | All | All | All | All |
| Application | Bluecoat | Winproxy | All | All | All | All |
| Application | Cisco | Vpn Client | All | All | All | All |
| Application | Cisco | Vpn Client | All | All | All | All |
| Application | Citrix | Deterministic Network Enhancer | 2.21.7.223 | All | All | All |
| Application | Citrix | Deterministic Network Enhancer | 3.21.7.17464 | All | All | All |
| Application | Citrix | Deterministic Network Enhancer | 2.21.7.223 | All | All | All |
| Application | Citrix | Deterministic Network Enhancer | 3.21.7.17464 | All | All | All |
| Application | Safenet | Highassurance Remote | All | All | All | All |
| Application | Safenet | Highassurance Remote | All | All | All | All |
| Application | Safenet | Softremote Vpn Client | All | All | All | All |
| Application | Safenet | Softremote Vpn Client | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CTX117751 - Privilege Escalation Vulnerability in Citrix Deterministic Network Enhancer (dne2000.sys) - Citrix Knowledge Center | CONFIRM | support.citrix.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Cisco.com Login Page | MISC | tools.cisco.com | |
| SafeNet Products Deterministic Network Enhancer Privilege Escalation - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| SecurityReason - Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit | SREASON | securityreason.com | |
| Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit | EXPLOIT-DB | www.exploit-db.com | |
| BlueCoat WinProxy Deterministic Network Enhancer Privilege Escalation - Advisories - Community | SECUNIA | secunia.com | |
| Deterministic Network Enhancer Privilege Escalation Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| www.digit-labs.org/files/exploits/dne2000-call.c | MISC | www.digit-labs.org | |
| Cisco VPN Client Deterministic Network Enhancer Privilege Escalation - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Deterministic Network Enhancer 'dne2000.sys' Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| US-CERT Vulnerability Note VU#858993 | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.