Citrix Deterministic Network Enhancer driver privilege escalation
| multiple-vendors-dne2000-priv-escalation (43153) |  High Risk |
Description:
Multiple vendor applications, including Citrix, Cisco VPN Client, Winproxy and SafeNET HighAssurance Remote, could allow a local attacker to gain elevated privileges on the system, caused by an error in the Citrix Deterministic Network Enhancer driver (dne2000.sys). By sending a specially-crafted IOCTL request, an attacker could exploit this vulnerability to execute arbitrary code on the system with SYSTEM level privileges.
*CVSS:
| Base Score: | 7.2 |
| Access Vector: | Local |
| Access Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | Complete |
| Integrity Impact: | Complete |
| Availability Impact: | Complete |
| Temporal Score: | 5.6 |
| Exploitability: | Proof-of-Concept |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of dne2000.sys (3.21.12.17902 or later), available from the Deterministic Networks Web site. See References.
For other distributions:
Apply the appropriate update for your system. See References.
References:
- Cisco Web site: VPN Client.
- Citrix Web site: Citrix Systems - Application Delivery Infrastructure for a Dynamic World.
- Deterministic Networks Web site: DNE Support.
- SafeNet Web site: SafeNet Inc: The Foundation of Information Security.
- WinProxy Web site: WinProxy.
- BID-29772: Deterministic Network Enhancer 'dne2000.sys' Local Privilege Escalation Vulnerability
- CVE-2008-5121: dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
- SA30728: Deterministic Network Enhancer Privilege Escalation Vulnerability
- SA30744: SafeNet Products Deterministic Network Enhancer Privilege Escalation
- SA30747: Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
- SA30753: BlueCoat WinProxy Deterministic Network Enhancer Privilege Escalation
- US-CERT VU#858993: Deterministic Network Enhancer privilege escalation vulnerability
- VUPEN/ADV-2008-1865: Citrix Deterministic Network Enhancer Privilege Escalation Vulnerability
- VUPEN/ADV-2008-1866: WinProxy Deterministic Network Enhancer Privilege Escalation Issue
- VUPEN/ADV-2008-1867: SafeNet Deterministic Network Enhancer Privilege Escalation Issue
- VUPEN/ADV-2008-1868: Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
Platforms Affected:
- BlueCoat WinProxy 2.1a
- BlueCoat WinProxy 6.0 rc1
- BlueCoat WinProxy 6.1 rc1
- Cisco VPN Client 2.0
- Cisco VPN Client 3.0
- Cisco VPN Client 3.0.5
- Cisco VPN Client 3.1
- Cisco VPN Client 3.5.1
- Cisco VPN Client 3.5.1C
- Cisco VPN Client 3.5.2
- Cisco VPN Client 3.5.2B
- Cisco VPN Client 3.5.4
- Cisco VPN Client 3.6
- Cisco VPN Client 3.6.1
- Cisco VPN Client 4.0.2A
- Cisco VPN Client 4.0.2C
- Cisco VPN Client 4.6
- Cisco VPN Client 4.7
- Cisco VPN Client 4.7.0533
- Cisco VPN Client 4.8.1
- Cisco VPN Client 4.8.2
- Cisco VPN Client 4.8.2.0010
- Cisco VPN Client 5.0.1
- Cisco VPN Client 5.0.1.0600
- Cisco VPN Client 5.0.2.0090
- Citrix Deterministic Network Enhancer 2.21.7.17464
- Citrix Deterministic Network Enhancer 2.21.7.233
- Citrix Deterministic Network Enhancer 3.21.12.17902
- Citrix Deterministic Network Enhancer 3.21.8
- SafeNet SafeNet HighAssurance Remote 1.4
- SafeNet SafeNet HighAssurance Remote 1.4.12
- SafeNet SafeNet HighAssurance SafeRemote 1.4.12
- SafeNet SafeNet HighAssurance SoftRemote 1.4
- SafeNet SafeNet SoftRemote
- SafeNet SafeNet SoftRemoteLT
Reported:
Jun 18, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.