lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <b93edc37-4f25-5d68-7bbd-d0aacf6e8ec9@tempest.com.br>
Date: Tue, 6 Mar 2018 16:13:25 -0300
From: filipe <filipe.xavier@...pest.com.br>
To: fulldisclosure@...lists.org
Subject: [FD] Panda Global Security 17.0.1 - NULL DACL grants full access

=====[ Tempest Security Intelligence - ADV-17/2018 ]===

Panda Global Security 17.0.1 - NULL DACL grants full access
-------------------------------------------------------
Author:
- Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br >

=====[ Table of Contents
]=====================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Overview
]==============================================================

* System affected : Panda Global Security [1]
* Software Version : 17.0.1. Other versions or models may also be affected.
* Impact : A low priveliged user can access and modify the DACL of pipe
with full access allowed. The NULL DACL grants full access to any user
that requests it; normal security checking is not performed with respect
to the object.

=====[ Detailed description
]==================================================

Panda Global Protection 17.0.1 allows local users to gain privileges or
cause a denial of service by impersonating all the pipes through a use
of \\.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe."
Ensures full access to Everyone users group.

=====[ Timeline of disclosure
]===============================================

26/01/2018 - Vendor was informed of the vulnerability.
01/26/2018 - CVE assigned [2].
02/05/2018 - Vendor did not respond.
03/06/2018 - Advisory publication date.

=====[ Thanks & Acknowledgements
]============================================

- Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ References
]===========================================================

[1] - https://www.pandasecurity.com
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6322
[3] - http://www.tempest.com.br/

-- 
Filipe Oliveira
Tempest Security Intelligence


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ