Deep Freeze 4.20 is susceptible to a denial of service attack.
99264118e7c02613804155370002f94d5dc8817b6af774b15ccc55d3ac852bcc ...
ouuuuuZHH@Auuuuuu23;
.:38A@NMMMMMNMMMMN22AMMMMNHHHH@A77;:
,;88bU78u338@HHHUu333ZEMMMMMMMMMMMMMNHU:
7bE877: .,;27, .;uu@MNR8888U8@MMMMMMMMUo
.;283. :;72883,,,:;o732uR2RMMMMMMMMMNR.
,2E2, .: ;;: .28b822222222222RNMMMHRAAUo
7A8 .,2.o2; 72228@MMMMMMMME8uHMM@7
.oA2, .; .,72ubRU2;;;;322b@EEb3;oRNMN:.
.;H, ,::,7: 8bAH2223 ;8oo38MH2.
;u8 :oo23: .2u8bbo, o2228Z7 , :AMMU.
::. ,::: . ;u8;;, :;;;bU2;;..;Z@; .NMNR
H; , :ubUZ3; .;8::,.22;.;HNMH
;HZ, ;oo8Z; .. RNA:ZEMH
2M ,:: oZZ8Z8U8ENMH
2M ;. MMMH C:\> Deep Freeze (Hyper Technologies)
7M . ,oAMMMRZ22, ZEMH C:\> credits:
;M .8bAb, .7@MMMMMMMMM@8; ;bHo. C:\> Trespasser - tressykewl@yahoo.com
,uU: ;bMUo. 7MMMMMMMMMMMMMH8 3MM7. C:\> Severity : Low
Ho. :UU@Eu. 7o: 7MMMMNEMNNMMMMMM 7EM@o C:\> frzstate.exe
;U2 .2AHME;. ,ZRRRNMHR,. ;MMMHEAHEEMMMMMN ,uMM3 C:\> Description: frzstate.exe password dialog vuln.
u8u .; 3MMM3 .8NMMMMMMMMMA3. .3MMMMHRHMMMMME; 3MMA7
ZH7 ,2MM3 78MMMMMMMMMMMMMH7 .ZR@MMMMMHR3. ;bMM:
,o@u: .,;MM2 ZMMMMMMMMMMMMMMMN, .,77777;. ,AMN2.
.EA3 88ZuHMb7 2HMMMMMMMMMMMMMMM, :MME2
.;ZRu3: . ,EA7 7bMMMMMMR@N@HMMNU. :NE2. 2@NMb;
.:7bAb8,. .3. ,HNMMMMMMN@HHU; MMHA 7UMZ;
.3uZ8bH, o2UMMMMHu3: uHMH7 ,8NM
,ZMR. ..... ... 2@@
,2RZ;... .. ...... . .,;. :8M
7ZRHMMbuuub@@bUAREHMUo .288uuuu2;2AMH8RNR
.,,,,,,,3bE@NNNNMNMNE7Eb8NMNN@ 2M@o,,.
.:33333;ouU@NRRHN2oo7:ZE@7.
.78;. ,;:
* BACKGROUND
Deep Freeze is software that prevents changes to the settings of Windows 95, 98, ME, 2000 and XP computers by unauthorized users. If an unauthorized change is made (software added, or files saved) the system will be restored to its original configuration the next time the computer is restarted (every 24 hours by default).
There are special measures required to operate and manage a Deep Freeze - enabled computer. Users are not able to install software or change system settings without first disabling Deep Freeze. Once the new software has been installed or system settings have been changed, the computer must be re-enabled to "freeze" the new settings and protect the computer again.
** DESCRIPTION
On Windows 2000/XP DeepFreeze consists of several important files:
DepFrzLo.sys (kernel driver)
DepFrzHi.sys (filesystem driver)
dfserv.exe (service)
frzstate.exe (password dialog)
persis00.sys (password file and "on/off switch")
The problem exists in the frzstate.exe process . If provided a long string the frzstate.exe causes an Access Violation Error which crashes the process . This was tested on Windows XP running Deep Freeze version 4.20 .
Example : open the password dialog box (hold shift and double-click on the DF tray icon), after that type in a string like:
'$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$'
Press OK -> frzstate.exe crashes
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed