List: full-disclosure
Subject: [Full-disclosure] Norton Insufficient validation of 'SymTDI' driver
From: Matousec - Transparent security Research <research () matousec ! com>
Date: 2007-03-15 12:06:43
Message-ID: 45F936D3.6060306 () matousec ! com
Hello,
We would like to inform you about a vulnerability in Symantec Norton products.
Description:
Norton insufficiently protects its driver \Device\SymEvent against a manipulation by malicious applications and it fails to validate its input buffer. It is possible to open this driver and send arbitrary data to it, which are implicitly believed to be valid. It is possible to assemble the data in the input buffer such that the driver performs an invalid memory operation and crashes the whole operating system. Further impacts of this bug (like possibility of arbitrary code execution in the kernel mode) were not examined.
Vulnerable software:
* Norton Personal Firewall 2006 version 9.1.1.7
* Norton Personal Firewall 2006 version 9.1.0.33
* probably all versions of Norton Personal Firewall 2006, Norton Internet Security 2006 and other products that use SymTDI driver
* possibly older versions of Norton Personal Firewall and Norton Internet Security
More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php
Regards,
--
Matousec - Transparent security Research
http://www.matousec.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
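
An added illustration, not part of the advisory and not Symantec's or Matousec's code: the bounds checks a driver's I/O handler needs before trusting a caller-supplied input buffer, written as portable C so it runs in user mode. The request layout and every `demo_` name are hypothetical, since the advisory does not publish the real buffer format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical request layout; the real driver's format is not in the advisory. */
typedef struct {
    uint32_t opcode;      /* operation selector */
    uint32_t data_offset; /* payload offset from the start of the buffer */
    uint32_t data_length; /* payload length in bytes */
} demo_request_hdr;
enum { DEMO_OK = 0, DEMO_TOO_SMALL = -1, DEMO_BAD_OPCODE = -2, DEMO_BAD_RANGE = -3 };
#define DEMO_MAX_OPCODE 3u

/* Validate an untrusted input buffer before any field in it is used. */
int demo_validate_request(const void *in, size_t in_len,
                          const uint8_t **payload, uint32_t *payload_len)
{
    demo_request_hdr hdr;
    if (in == NULL || in_len < sizeof hdr)
        return DEMO_TOO_SMALL;
    memcpy(&hdr, in, sizeof hdr); /* copy once so later checks see stable values */
    if (hdr.opcode > DEMO_MAX_OPCODE)
        return DEMO_BAD_OPCODE;
    /* Compare by subtraction: offset + length could wrap around in 32 bits. */
    if (hdr.data_offset < sizeof hdr || hdr.data_offset > in_len)
        return DEMO_BAD_RANGE;
    if (hdr.data_length > in_len - hdr.data_offset)
        return DEMO_BAD_RANGE;
    *payload = (const uint8_t *)in + hdr.data_offset;
    *payload_len = hdr.data_length;
    return DEMO_OK;
}

/* Build a constructed request of buf_len bytes (capped at 64) and validate it. */
int demo_check(uint32_t opcode, uint32_t off, uint32_t len, size_t buf_len)
{
    uint8_t buf[64] = {0};
    demo_request_hdr hdr = { opcode, off, len };
    const uint8_t *p = NULL; uint32_t n = 0;
    if (buf_len > sizeof buf) buf_len = sizeof buf;
    memcpy(buf, &hdr, sizeof hdr);
    return demo_validate_request(buf, buf_len, &p, &n);
}

int main(void)
{
    printf("ok=%d wrap=%d\n", demo_check(1, 12, 4, 16), demo_check(1, 0xFFFFFFF0u, 0x20, 16));
    return 0;
}
```

In a real Windows driver the same checks would sit in the device-control dispatch routine, alongside a restrictive ACL on the device object so that unprivileged applications cannot open it at all.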