Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BID:30818
Info
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
| Bugtraq ID: | 30818 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 25 2008 12:00AM |
| Updated: | Aug 25 2008 07:25PM |
| Credit: | Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd |
| Vulnerable: |
SecurStar DriveCrypt Plus Pack 3.9 |
| Not Vulnerable: | |
Discussion
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.
Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.
DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.
Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.
Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.
DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.
Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.
Exploit / POC
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
No specific exploit is required. An attacker would only need local interactive access to the affected computer.
No specific exploit is required. An attacker would only need local interactive access to the affected computer.
Solution / Fix
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
References:
References:
- DriveCrypt Homepage (SecurStar)
- DriveCrypt Security Model bypass exploiting wrong BIOS API (DriveCrypt Security Model bypass exploiting wrong BIOS API)