Symantec Client Security NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges
|
|
SecurityTracker Alert ID: 1017002 |
|
SecurityTracker URL: http://securitytracker.com/id/1017002
|
|
CVE Reference:
CVE-2006-4927
(Links to External Site)
|
Date: Oct 5 2006
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Symantec Client Security in the NAVEX15.SYS and NAVENG.SYS device drivers. A local user can obtain kernel level privileges on the target system.
A local user can send a specially crafted I/O request packet to the IOCTL handler function to cause memory to be overwritten and arbitrary code to be executed on the target system. The code will run with kernel-level privileges.
NAVEX15.SYS and NAVENG.SYS versions prior to 20061.3.0.12 are affected.
The vendor was notified on September 19, 2006.
Ruben Santamarta and iDefense reported this vulnerability.
|
Impact:
A local user can obtain kernel-level privileges on the target system.
|
Solution:
The vendor has issued a fix as part of the anti-virus definitions dated October 4, 2006 revision 9 (or later). The vendor has issued fixed versions of the NAVEX15.SYS and NAVENG.SYS drivers (20061.3.0.12 and later) as part of the update.
The Symantec advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 5 Oct 2006 15:48:55 -0400
Subject: Symantec Device Driver Elevation of Privilege
|
http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html
CVE-2006-4927
|
|
