Motorola netOctopus nantsys.sys privilege escalation

netoctopus-nantsys-privilege-escalation (39503) The risk level is classified as HighHigh Risk

Description:

Motorola's netOctopus could allow a local attacker to gain elevated privileges on the system, caused by the exposure of the world-writable \\.\NantSys device interface when the nantsys.sys device driver is installed. By modifying SYSENTER_EIP_MSR, a local attacker could exploit this vulnerability to execute arbitary code on the system with kernel privileges.

Platforms Affected:

  • Motorola, nantsys.sys driver 5.0.0.115
  • Motorola, netOctupus 5.1.2 build 1011

Remedy:

Refer to the Motorola Web site for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Privileges

References:

  • iDefense PUBLIC ADVISORY: 01.07.08, Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=636.
  • Motorola Web site, netOctopus Enterprise Systems Manager at http://www.netopia.com/software/products/netoctopus/.
  • BID-27175: Motorola netOctopus Agent 'nantsys.sys' Local Privilege Escalation Vulnerability
  • CVE-2007-5761: The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
  • FrSIRT/ADV-2008-0062: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability
  • SA28366: Motorola netOctopus Agent nantsys.sys Privilege Escalation
  • SECTRACK ID: 1019161: netOctopus 'nantsys.sys' Driver Lets Local Users Gain Kernel Level Privileges

Reported:

Jan 07, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page