SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Integrity Protection Driver (IPD) Vendors:   Pedestal Software
Integrity Protection Driver (IPD) Input Validation Errors Let Local Users Crash the System
SecurityTracker Alert ID:  1010965
SecurityTracker URL:  http://securitytracker.com/id/1010965
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 17 2004
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): 1.4 and prior versions
Description:   Next Generation Security Technologies (NGSEC) reported a denial of service vulnerability in Pedestal Software's Integrity Protection Driver (IPD). A local user can crash the system.

It is reported that IPD does not properly validate some pointer references in some of the application's kernel hooks. As a result, a local user can run an application that passes some invalid pointers to a kernel function call to cause IPD (and the system) to crash.

A demonstration exploit is available at:

http://www.ngsec.com/downloads/exploits/ipd-dos.c

The vendor was reportedly notified on August 14, 2004.

The original advisory is available at:

http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt

Impact:   A local user can cause the system to crash.
Solution:   No solution was available at the time of this entry.

The report indicates that the vendor no longer supports IPD.

Vendor URL:  www.pedestalsoftware.com/download/ipd.zip (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  [NGSEC-2004-6] IPD, local system denial of service.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   Next Generation Security Technologies
                          http://www.ngsec.com
                            Security Advisory


       Title:   IPD, local system denial of service.
          ID:   NGSEC-2004-6
 Application:   IPD up to 1.4 (http://www.pedestalsoftware.com/)
        Date:   14/Aug/2004
      Status:   Vendor contacted on 14/Aug/2004.
 Platform(s):   Windows OSs.
    Location:   http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt


Overview:
- ---------

The IPD (Integrity protection driver) is an Open Source device driver
designed to prohibit the installation of new services and drivers and
to protect existing driver from tampering. It installs on Windows NT 
and Windows 2000 computers. 

In its security approach IPD hooks some kernel mode funtions and filters
them allowing or not their original purposes based on IPD's security 
policy.

IPD suffers from an unvalidated pointer referencing in some of this kernel
hooks. 


Technical description:
- ----------------------

The IPD (Integrity protection driver) is an Open Source device driver
designed to prohibit the installation of new services and drivers and
to protect existing driver from tampering. It installs on Windows NT 
and Windows 2000 computers. 

IPD is available for download at:

         http://www.pedestalsoftware.com/download/ipd.zip

In its security approach IPD hooks some kernel mode funtions and filters
them allowing or not their original purposes based on IPD's securit 
policy.

IPD suffers from some unvalidated pointer referencing in some of this kernel
hooks. In example IPD hooks ZwOpenSection declared as follows:

        NTSTATUS ZwOpenSection(HANDLE Handle, DWORD mask, DWORD oa);

The problem exists because IPD does not properly check wether "oa" pointer
is valid or not. Any local and unauthorized user can crash the system with
some simple coding skills.

Sample exploitation cand be found:

         http://www.ngsec.com/downloads/exploits/ipd-dos.c


Recommendations:
- ----------------
Since the vendor has discontinued the development and support of IPD,
NGSEC recomends to uninstall IPD or perform a deep source security audit
before re-enabling it.


- --
More security advisories at: http://www.ngsec.com/ngresearch/ngadvisories/
PGP Key: http://www.ngsec.com/pgp/labs.asc

Copyright(c) 2002-2004 NGSEC. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBIeBaKrwoKcQl8Y4RAja+AJ9AAcQ+kbSlzihym+HNYA3Eje0oigCfSuKH
8Y5J6HnjXR1bYOBbCL1Jn9A=
=+YTS
-----END PGP SIGNATURE-----
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC