
List:       full-disclosure
Subject:    [Full-disclosure] Norton Insufficient validation of 'SymTDI' driver
From:       Matousec - Transparent security Research <research () matousec ! com>
Date:       2007-03-15 12:06:43
Message-ID: 45F936D3.6060306 () matousec ! com

Hello,

We would like to inform you about a vulnerability in Symantec Norton products.


Description:

Norton insufficiently protects its driver \Device\SymEvent against manipulation by
malicious applications, and it fails to validate its input buffer. It is possible to
open this driver and send arbitrary data to it, which is implicitly believed to be
valid. It is possible to assemble the data in the input buffer such that the driver
performs an invalid memory operation and crashes the whole operating system. Further
impacts of this bug (like the possibility of arbitrary code execution in kernel
mode) were not examined.


Vulnerable software:

     * Norton Personal Firewall 2006 version 9.1.1.7
     * Norton Personal Firewall 2006 version 9.1.0.33
     * probably all versions of Norton Personal Firewall 2006, Norton Internet
       Security 2006 and other products that use SymTDI driver
     * possibly older versions of Norton Personal Firewall and Norton Internet
       Security


More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php



Regards,

-- 
Matousec - Transparent security Research
http://www.matousec.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

