[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation

Advisory:          Securstar - DriveCrypt - Local Kernel
                   Denial of Service/Memory Disclosure/Privilege Escalation
Advisory ID:       DSEC-2011-0001
Author:            Neil Kettle, Digit Security Ltd
Affected Software: Securstar DriveCrypt
Vendor URL:        http://www.securstar.com
Vendor Status:     'patched'
Category:          Denial of Service/Memory Disclosure/Privilege
Date Reported:     2009/12/07
Last Modified:     2011/07/20
Release Date:      2011/07/20

Multiple vulnerabilities have been discovered in Securstar DriveCrypt kernel
drivers, the vulnerabilities exist due to several somewhat systemic issues in
the validation of user-supplied pointers and trust thereof, use of user-supplied
parameters to privileged kernel functionality and finally, the lack of bounds
checking in unbounded copy operations resulting in buffer overflows.

Numerous vulnerabilities exists due to a complete lack of validation of user- 
supplied pointers contained within structures passed as arguments to the IOCTL 
interface exported from the globally accessible "\\.\DCR" device.

An exploit will be made available to the public in due course at the
following URL,


Technologies Affected
Securstar - DriveCrypt (<= 5.2)

Vendor Response

Disclosure Timeline
7th December 2009 - Vendor Disclosure
10th June 2011 - Vendor Releases Patches

Neil Kettle of Digit Security Ltd

About Digit Security Ltd
Digit Security is a computer security consultancy based in the United
Kingdom, albeit with a slight difference. The company is a co-operatively
controlled entity comprised of professionals who are experts in their
respective fields. Thus, as a corollary, nearly everyone at Digit Security
is a both a Consultant, Developer and a Director.

Web:        www.digit-security.com
Email:      research@xxxxxxxxxxxxxxxxxx