Vulnerability: CylantSecure

From: Juergen Pabel (juergenat_private)
Date: Fri Jun 29 2001 - 09:39:08 PDT

Next message: ByteRage: "cesarFTP v0.98b 'HELP' buffer overflow"

Previous message: patpro: "Re: MacOSX 10.0.X Permissions uncorrectly set"
Next in thread: Timothy Lawless: "Re: Vulnerability: CylantSecure"
Reply: Timothy Lawless: "Re: Vulnerability: CylantSecure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Summary:

CylantSecure is a kernel patch and system that analyses behavior and kills 
programs that deviates from the "normal" system behaviour. The 
vulnerability lies in the processessing delay that occurs between a process 
violating some security rule and the actual killing of the process (a user 
space analyser). By inserting a module (which in itself is a violation, but 
due to the mentioned delay it suceeds) that reroutes function pointers the 
system can effectively be disabled. The vulnerability exists in 
CylantSecure 1.1 and earlier (the Cylant Team has been notified and is 
working on a fix).

Attached is an exploit for this vulnerability.

Juergen Pabel
juergenat_private

text/x-c attachment: moduleloader.c

Next message: ByteRage: "cesarFTP v0.98b 'HELP' buffer overflow"
Previous message: patpro: "Re: MacOSX 10.0.X Permissions uncorrectly set"
Next in thread: Timothy Lawless: "Re: Vulnerability: CylantSecure"
Reply: Timothy Lawless: "Re: Vulnerability: CylantSecure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 30 2001 - 09:13:59 PDT