lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4D51844A.7050502@digit-security.com>
Date: Tue, 08 Feb 2011 17:58:34 +0000
From: Digit Security Research <research@...it-security.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial
 of Service

===============================ADVISORY===============================
Advisory:          Data Encryption Systems - DESLock+ - Local Kernel
                   Code Execution/Denial of Service
Advisory ID:       DSEC-2011-0002
Author:            Neil Kettle, Digit Security Ltd
Affected Software: Data Encryption Systems - DESLock+
Vendor URL:        http://www.deslock.com
Vendor Status:     unpatched
Category:          Denial of Service/Privilege Escalation
Date Reported:     2008/07/31
Last Modified:     2011/02/08
Release Date:      2011/02/08
===============================ADVISORY===============================

Description
-----------
A vulnerability has been discovered in one of Data Encryption Systems
DESLock+ kernel drivers, an attacker exploiting this vulnerability may
execute arbitrary code with kernel mode privileges, or cause a Denial
of Service attack via a page fault caused by an invalid pointer
dereference.

Data Encryption Systems Ltd received the best "Encryption Solution of
the Year" at "The Computing Security Awards 2010",

http://www.computingsecurityawards.co.uk/

Analysis
--------
A vulnerability exists due to the improper validation of a user-
supplied pointer within a structure passed as argument to the IOCTL
interface exported from the globally accessible “\\.\DLPTokenWalter0”
device.

Exploitation
------------
An exploit will be made available to the public in due course at the
following URL,

  http://www.digit-labs.org/files/exploits/deslock-vdlptokn.c
  http://www.digit-security.com/research.php

An updated version of the exploit that targets DESLock+ > 4.1.10 will
be made available shortly.

Technologies Affected
------------------------------
Data Encryption Systems - DESLock+ (3.2.7, <= 4.1.12)


Vendor Response
------------------------------
The same vulnerability has persisted within DESLock + for over 2 years,
and despite numerous Data Encryption Systems’s attempts to rectify the
issue, all attempts have fallen short of being sufficient to negate
exploitation. While we endeavour to contact all vendors prior to release
of any vulnerability information, it should be noted that every attempt
made to contact Data Encryption Systems and inform them of the
vulnerability (and many other vulnerabilities) either results in no
response, or, an ‘unfavourable’ response.


Disclosure Timeline
------------------------------
31th July 2008 – Vendor Disclosure


Credits
------------------------------
Neil Kettle of Digit Security Ltd

Thanks
------------------------------
David Tomlinson of Data Encryption Systems Ltd for the encouragement
to continue searching through DESLock+.


About Digit Security Ltd
----------------------------------
Digit Security is a computer security consultancy based in the United
Kingdom, albeit with a slight difference. The company is a co-operatively
controlled entity comprised of professionals who are experts in their
respective fields. Thus, as a corollary, nearly everyone at Digit Security
is a both a Consultant, Developer and a Director (although we prefer the
term 'equal').

Web:        www.digit-security.com
Email:      research@...it-security.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ