Security Hole in Norton Antivirus 2002?

Discussion in 'other security issues & news' started by Antarctica, Aug 10, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica (Registered Member; Joined: Feb 25, 2003; Posts: 2,177; Location: Canada)

    Symantec Norton AntiVirus Device Driver Privilege Escalation

    Release Date: 2003-08-06
    Critical: Less critical
    Impact: Privilege escalation, DoS
    Where: Local system
    Software: Norton AntiVirus 2002

    Description:
    A vulnerability has been reported in Symantec Norton AntiVirus, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system or cause it to crash.

    The vulnerability is caused due to an error in the Norton AntiVirus Device Driver (NAVAP.sys). This can be exploited by sending two specially crafted control codes using the DeviceIoControl() function, which request the device driver to perform certain operations.

    The first control code will supply specially crafted input to the requested operation via the lpInBuffer, which then returns output to the memory location specified by the lpOutBuffer. The memory contents in this location can then be changed to include arbitrary shellcode. Afterwards, the second control code can manipulate the driver's return address, making it jump to the memory location previously specified by the lpOutBuffer.

    Successful exploitation either crashes the system or allows execution of arbitrary code with Kernel Mode (Ring 0) privileges.

    The vulnerability has been reported in version 2002. However, other versions are possibly also affected.


    Solution:
    Grant only trusted users access to affected systems.
     