exploit the possibilities

DESLock+ Local Kernel Code Execution / Denial Of Service

DESLock+ Local Kernel Code Execution / Denial Of Service
Posted Feb 8, 2011
Authored by Neil Kettle

A vulnerability has been discovered in one of Data Encryption Systems DESLock+ kernel drivers, an attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a denial of service attack via a page fault caused by an invalid pointer dereference.

tags | advisory, denial of service, arbitrary, kernel
MD5 | 1c9103cf081fed9456409e50a11981ad

DESLock+ Local Kernel Code Execution / Denial Of Service

Change Mirror Download
===============================ADVISORY===============================
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author: Neil Kettle, Digit Security Ltd
Affected Software: Data Encryption Systems - DESLock+
Vendor URL: http://www.deslock.com
Vendor Status: unpatched
Category: Denial of Service/Privilege Escalation
Date Reported: 2008/07/31
Last Modified: 2011/02/08
Release Date: 2011/02/08
===============================ADVISORY===============================

Description
-----------
A vulnerability has been discovered in one of Data Encryption Systems
DESLock+ kernel drivers, an attacker exploiting this vulnerability may
execute arbitrary code with kernel mode privileges, or cause a Denial
of Service attack via a page fault caused by an invalid pointer
dereference.

Data Encryption Systems Ltd received the best "Encryption Solution of
the Year" at "The Computing Security Awards 2010",

http://www.computingsecurityawards.co.uk/

Analysis
--------
A vulnerability exists due to the improper validation of a user-
supplied pointer within a structure passed as argument to the IOCTL
interface exported from the globally accessible “\\.\DLPTokenWalter0”
device.

Exploitation
------------
An exploit will be made available to the public in due course at the
following URL,

http://www.digit-labs.org/files/exploits/deslock-vdlptokn.c
http://www.digit-security.com/research.php

An updated version of the exploit that targets DESLock+ > 4.1.10 will
be made available shortly.

Technologies Affected
------------------------------
Data Encryption Systems - DESLock+ (3.2.7, <= 4.1.12)


Vendor Response
------------------------------
The same vulnerability has persisted within DESLock + for over 2 years,
and despite numerous Data Encryption Systems’s attempts to rectify the
issue, all attempts have fallen short of being sufficient to negate
exploitation. While we endeavour to contact all vendors prior to release
of any vulnerability information, it should be noted that every attempt
made to contact Data Encryption Systems and inform them of the
vulnerability (and many other vulnerabilities) either results in no
response, or, an ‘unfavourable’ response.


Disclosure Timeline
------------------------------
31th July 2008 – Vendor Disclosure


Credits
------------------------------
Neil Kettle of Digit Security Ltd

Thanks
------------------------------
David Tomlinson of Data Encryption Systems Ltd for the encouragement
to continue searching through DESLock+.


About Digit Security Ltd
----------------------------------
Digit Security is a computer security consultancy based in the United
Kingdom, albeit with a slight difference. The company is a co-operatively
controlled entity comprised of professionals who are experts in their
respective fields. Thus, as a corollary, nearly everyone at Digit Security
is a both a Consultant, Developer and a Director (although we prefer the
term 'equal').

Web: www.digit-security.com
Email: research@digit-security.com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close