• home
• research
• tools
• other stuff
• about
• contact

quick.links

• my blog
• members login
• archive
• news
• links
• rss

recent.news

2010-09-14 - the slides from my recent (re-)presentation (with lots of extra bits) at SEC-T 2010, will soon be online! exploit code [...]

2009-12-18 - The slides from my recent presentation at CRESTCon 2009, the 'replacement' for CHECKCon, are now online! exploit code for the demonstrations [...]

:.home^3.14159265..

More 0day Disk Encryption Driver Bugs @SEC-T 2010!

Posted on: 2010-09-14

the slides from my recent (re-)presentation (with lots of extra bits) at SEC-T 2010, will soon be online! exploit code for the demonstrations will (yet again) follow very soon!

recent.additions

• September 22-23
  - NetIQ/Microfocus Performance Endpoint v5.1 - SIP Remote Denial of Service
  [ endpoint-sip-dos.c ]
• September 22-23
  - NetIQ/Microfocus Performance Endpoint v5.1 - SIP Remote Heap Corruption
  [ endpoint-sip-heap.c ]
• July 27-23
  - NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM
  [ endpoint-pown.c - endpoint-pown-uni.c ]
• April 23-21
  - DblTek GoIP GSM Gateway backdoor remote root
  [ goip-pown-v3.c - SecurityWeek ]
• November 17-19
  - ipsec-tools racoon isakmp-frag Remote Denial of Service
  [ racoon-frag-dos.c - CVE-2016-10396 ]
• October 01-19
  - IBM/Trusteer Rapport macOS - Local Kernel ring0 overflow
  [ rapport-smash.c - rapport-smash-v2.c - rapport-smash-v2.sh - Dark Reading - CVE-2018-1985 ]
• September 13-18
  - WebRoot SecureAnywhere macOS - Local Kernel Pointer Overwrite
  [ securenowhere-write.c - ZDNet - The Register - CVE-2018-16962 ]
• July 27-18
  - Utimaco Safeware AG (Sophos) - SafeGuard PrivateDisk Local Kernel ring0 Code Execution
  [ safeguard-pdisk-overflow.c - safeguard-pdisk-overflow-v2.c ]
• July 24-18
  - Oracle Solaris <= 11.3 AVS Local Kernel ring0 Code Execution
  [ sdbc-testinit.c - sdbc-testinit-v2.c - ZDNet - The Register - ThreatPost -
    Oracle Critical Patch Update Advisory - July 2018 - CVE-2018-2892 ]
• July 23-18
  - Silicon Graphics Inc (SGI) - IRIX - rpc.espd Remote File Read Vulnerability
  [ irix-espd.c ]
• April 13-15
  - Apple Mac OS X < 10.9/10? Local Root Exploit
  [ osx-irony-assist.m - Rootpipe (Wiki) ]
• February 08-11
  - DESLock+ <= 4.1.2 vdlptokn.sys Driver Local Kernel ring0 Code Execution
  [ deslock-vdlptokn-v3.c ]
• January 07-11
  - Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service
  [ irix-xlvattrget-dos.c ]
• September 16-10
  - Utimaco Safeware AG (Sophos) - SafeGuard PrivateDisk Local Kernel Device 'unmount' Exploit
  [ safeguard-pdisk-unmount.c ]
• September 16-10
  - Utimaco Safeware AG (Sophos) - SafeGuard PrivateDisk Local Kernel Device header 'overwrite' Exploit
  [ safeguard-pdisk-write-header.c ]
• September 14-10
  - SEC-T 2010: "Vulnerabilities in Full/Virtual Disk Encryption Products"
  [ presentation (pdf) ]
• May 26-10
  - SecurStar DriveCrypt <= 5.4 Local Kernel ring0 Code Execution
  [ drivecrypt-dcr.c - BID-45750 ]
• May 26-10
  - SecurStar DriveCrypt <= 5.4 Local Kernel Arbitrary File Read/Write Exploit
  [ drivecrypt-fopen.c ]
• April 26-10
  - NovaSTOR NovaNet <= 12.0 Remote Memory Read/Denial of Service
  [ novanet-read.c - BID-39693 ]
• April 26-10
  - NovaSTOR NovaNet <= 12.0 Remote Code Execution
  [ novanet-own.c - novanet-own-lnx.c - CVE-2009-0849 - BID-39693 ]
• April 26-10
  - NovaSTOR NovaNet/NovaBACKUP Network <= 13.0 Remote Denial of Service
  [ novanet-dos.c - BID-39693 ]
• January 15-10
  - is SafeCentral actually unsafe?
  [ link ]
• January 15-10
  - Authentium SafeCentral <= 2.6 shdrv.sys Local Kernel Denial of Service/ring0 Code Execution
  [ safecentral-unharden.c - BID-37939 ]
• January 15-10
  - Authentium SafeCentral <= 2.6 shdrv.sys Local Kernel ring0 Code Execution
  [ safecentral-unharden-v2.c - BID-37939 ]
• December 22-09
  - CRESTCon 2009: "[Win32] Full/Virtual Disk Encryption Vulnerabilities"
  [ presentation (pdf) ]
• October 02-09
  - VMware Fusion <= 2.0.5 vmx86 kext Local Kernel Denial of Service
  [ vmware-pop.c - CVE-2009-3282 - BID-36579 ]
• October 02-09
  - VMware Fusion <= 2.0.5 vmx86 kext Local Kernel Root Exploit
  [ vmware-fission.c - CVE-2009-3281 - BID-36578 ]
• August 10-09
  - DESLock+ <= 4.0.2 dlpcrypt.sys Driver Local Kernel Denial of Service
  [ deslock-dlpcrypt-v2.c ]
• August 10-09
  - DESLock+ <= 4.0.3 vdlptokn.sys Driver Local Kernel ring0 Code Execution
  [ deslock-vdlptokn.c ]
• August 10-09
  - DESLock+ <= 4.0.3 vdlptokn.sys Driver Local Kernel Denial of Service
  [ deslock-vdlptokn-v2.c - CVE-2008-4362 ]
• June 23-09
  - DESLock+ ownage
  [ link ]
• June 23-09
  - B-Labs Bopup Communication Server <= 3.2.26.5460 Remote Buffer Overflow
  [ bopup-down.c - CVE-2009-2227 ]
• June 18-09
  - DESLock+ 4.0.2 dlpcrypt.sys Driver Local Kernel ring0 Code Execution
  [ deslock-dlpcrypt.c - CVE-2009-4832 - BID-35432 ]
• May 27-09
  - The DESLock+ debacle
  [ link ]
• May 14-09
  - Apple Mac OS X xnu <= 1228.x workqueue Index Validation Vulnerability
  [ xnu-workq-v2-64.c - iDEFENSE-797 - Apple Mac OS X Security Update 2009-002 - CVE-2008-1517 - BID-34959 ]
• May 13-09
  - ipsec-tools racoon isakmp-frag Remote Denial of Service
  [ racoon-isakmp-dos.c - CVE-2009-1574 - BID-34765 ]
• May 02-09
  - Sun Solaris 10/OpenSolaris <= snv_113 dtrace Local Kernel Denial of Service
  [ solaris-dtrace-dos.c - CVE-2009-1478 - BID-34753 ]
• May 02-09
  - Sun Solaris 10/OpenSolaris <= snv_113 fasttrap Local Kernel Denial of Service
  [ solaris-fasttrap-dos.c - CVE-2009-1478 - BID-34753 ]
• April 19-09
  - CanSec 2009: "Bug classes we have found in *BSD, OS X and Solaris kernels"
  [ presentation (odp) - presentation (pdf) ]
• March 30-09
  - Apple Mac OS X xnu <= 1228.x hfs-fcntl Local Kernel Root Exploit
  [ xnu-hfs-fcntl-v2.c - xnu-hfs-fcntl-v2.sh - CVE-2009-1235 - BID-34203 - informationweek.com -
    Heise-Security ]