BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
BID:25442
Info
BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
| Bugtraq ID: | 25442 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 25 2007 12:00AM |
| Updated: | Aug 25 2007 12:00AM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
TRUSTWARE BufferZone 2.5 TRUSTWARE BufferZone 2.1 |
| Not Vulnerable: | |
Discussion
BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
BufferZone is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects BufferZone version 2.5; prior versions may also be affected.
BufferZone is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects BufferZone version 2.5; prior versions may also be affected.
Exploit / POC
BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
An attacker can exploit this issue by using the Device Path Exerciser (dc2.exe). The application can be downloaded from the following site:
http://www.osronline.com/ddkx/ddtools/dc2_8bxv.htm
An attacker can exploit this issue by using the Device Path Exerciser (dc2.exe). The application can be downloaded from the following site:
http://www.osronline.com/ddkx/ddtools/dc2_8bxv.htm
Solution / Fix
BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor fixes for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor fixes for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
BufferZone Redlight.SYS Driver Buffer Overflow Vulnerability
References:
References: