On Fri, 29 Jun 2001, Juergen Pabel wrote: -->Summary: --> -->CylantSecure is a kernel patch and system that analyses behavior and kills -->programs that deviates from the "normal" system behaviour. The -->vulnerability lies in the processessing delay that occurs between a process -->violating some security rule and the actual killing of the process (a user -->space analyser). By inserting a module (which in itself is a violation, but -->due to the mentioned delay it suceeds) that reroutes function pointers the -->system can effectively be disabled. The vulnerability exists in -->CylantSecure 1.1 and earlier (the Cylant Team has been notified and is -->working on a fix). Attacks against the cylent secure kernel modules is a known issue. I belive the first refrence I personally saw to such an attack is describe in an article at: http://www.securitynewsportal.com/article.php?sid=220 From the posting it seems that the anonymous poster was aware, and took for granted the delayed detection. --> -->Attached is an exploit for this vulnerability. --> -->Juergen Pabel -->juergenat_private -->
This archive was generated by hypermail 2b30 : Sun Jul 01 2001 - 23:50:09 PDT