Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5761

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-5761
Last Modified 07 Mar 2011 10:01:15
Published 08 Jan 2008 07:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5761

Summary

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.

Vulnerable Systems

Application

  • Motorola Netoctopus 5.1.2 Build 1011


References

BID - 27175

CONFIRM - http://www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf

SECUNIA - 28366

XF - netoctopus-nantsys-privilege-escalation(39503)

VUPEN - ADV-2008-0062

IDEFENSE - 20080107 Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability

SECTRACK - 1019161


Last Updated: 27 May 2016 10:46:16