Credit:
The information has been provided by iDefense.
The original article can be found at:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
Vulnerable Systems:
* Symantec Client Security version 10.
* Prior versions, as well as related products that contain the NAVENG.SYS and NAVEX15.SYS drivers, are suspected to be vulnerable.
The vulnerability specifically exists due to improper address space validation when the NAVENG and NAVEX15 device drivers process IOCTL 0x222AD3, 0x222AD7, and 0x222ADB. An attacker can overwrite a user-supplied address, including code segments, with a constant double word value by supplying a specially crafted IRP to the IOCTL handler function.
Successful exploitation allows an attacker to obtain elevated privileges by exploiting the kernel. This could allow the attacker to gain control of the affected system. However, local access is required for exploitation to be successful. Note that since the attacker can only overwrite with a constant double word value, exploitation is not completely straightforward. However, this does not significantly impact the difficulty of exploitation since code segments can be overwritten within the kernel.
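The three IOCTL codes above all decode to the same transfer method (METHOD_NEITHER), where the I/O manager passes the caller's pointers through unchecked and address validation is left to the driver. The C below is an added example, not code from iDefense or Symantec: it decodes the codes and models the range check such a handler needs. The names `decode_ioctl`, `needs_driver_side_validation`, `user_range_ok` and the `SAMPLE_USER_LIMIT` value (the default 32-bit x86 user-space boundary) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code layout (CTL_CODE): bits 31-16 device type,
 * 15-14 required access, 13-2 function number, 1-0 transfer method. */
typedef struct { uint32_t device_type, access, function, method; } ioctl_fields;

#define XFER_METHOD_NEITHER 3u   /* same value as METHOD_NEITHER in the WDK */
/* Assumption: default 32-bit x86 user-space boundary, used as sample data. */
#define SAMPLE_USER_LIMIT 0x7FFF0000u

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* With METHOD_NEITHER the I/O manager hands the caller's raw pointers to the
 * driver, so the handler itself has to validate them before any write. */
int needs_driver_side_validation(uint32_t code) {
    return decode_ioctl(code).method == XFER_METHOD_NEITHER;
}

/* User-mode model of that validation: the whole range [addr, addr+len) must
 * lie below the user-space limit and must not wrap around. */
int user_range_ok(uint32_t addr, uint32_t len, uint32_t limit) {
    uint32_t end = addr + len;
    if (len == 0) return 1;      /* nothing will be written */
    if (end < addr) return 0;    /* arithmetic wrap-around */
    return end <= limit;
}

int main(void) {
    const uint32_t codes[] = { 0x222AD3u, 0x222AD7u, 0x222ADBu };      /* from the advisory */
    const uint32_t dests[] = { 0x00401000u, 0x80501000u, 0xFFFFFFF0u }; /* constructed */
    for (int i = 0; i < 3; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%06X device=0x%X access=%u function=0x%X method=%u validate=%d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, (unsigned)f.method,
               needs_driver_side_validation(codes[i]));
    }
    for (int i = 0; i < 3; i++)  /* a 4-byte write to each constructed address */
        printf("dest 0x%08X accepted=%d\n", (unsigned)dests[i],
               user_range_ok(dests[i], 4, SAMPLE_USER_LIMIT));
    return 0;
}
```

All three codes also decode to device type 0x22 (FILE_DEVICE_UNKNOWN) with access bits 0 (FILE_ANY_ACCESS).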
Vendor Status:
Symantec has released updated device drivers via LiveUpdate.
More information regarding this issue can be found in Symantec's advisory, SYM06-020.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-4927 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Disclosure Timeline:
* 09/19/2006 - Initial vendor notification.
* 09/19/2006 - Initial vendor response.
* 10/05/2006 - Coordinated public disclosure.