Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5121

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-5121
Last Modified 14 Apr 2009 01:38:17
Published 17 Nov 2008 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-5121

Summary

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Vulnerable Systems

Application

  • Citrix Deterministic Network Enhancer 2.21.7.223

  • Citrix Deterministic Network Enhancer 3.21.7.17464


References

CERT-VN - VU#858993

XF - multiple-vendors-dne2000-priv-escalation(43153)

VUPEN - ADV-2008-1868

VUPEN - ADV-2008-1867

VUPEN - ADV-2008-1866

VUPEN - ADV-2008-1865

BID - 29772

MILW0RM - 5837

MISC - http://www.digit-labs.org/files/exploits/dne2000-call.c

MISC - http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860

CONFIRM - http://support.citrix.com/article/CTX117751

SREASON - 4600

SECUNIA - 30753

SECUNIA - 30747

SECUNIA - 30744

SECUNIA - 30728


Last Updated: 27 May 2016 10:48:42