| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Mar 2018 16:04:44 -0300 From: filipe <filipe.xavier@...pest.com.br> To: fulldisclosure@...lists.org Subject: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions =====[ Tempest Security Intelligence - ADV-19/2018 ]=== BitDefender Total Security 2018 - Insecure Pipe Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: <filipe.xavier () tempest.com.br =====[ Table of Contents ]===================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Overview ]============================================================== * System affected : BitDefender Total Security [1] * Software Version : 2018. Other versions or models may also be affected. * Impact : A low priveliged user can access and modify all DACLS of all pipes with full access allowed. =====[ Detailed description ]================================================== BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group. All pipes used by services (vsserv.exe, updatesrv.exe, DevMgmtService.exe, bdwtxag.exe, bdagent.exe) from application. =====[ Timeline of disclosure ]=============================================== 01/24/2018 - Vendor was informed of the vulnerability. 01/29/2018 - Vendor did not respond. 01/24/2018 - CVE assigned [2] 03/06/2018 - Advisory publication date. =====[ Thanks & Acknowledgements ]============================================ - Tempest Security Intelligence / Tempest's Pentest Team [3] =====[ References ]=========================================================== [1] - https://www.bitdefender.com.br/ [2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6183 [3] - http://www.tempest.com.br/ -- Filipe Oliveira Tempest Security Intelligence _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists