most security softwares in US : vulnerable, including AD1.200alpha

Discussion in 'Ghost Security Suite (GSS)' started by buffet, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    Last edited by a moderator: Sep 23, 2007
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  3. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    From : http://www.matousec.com/projects/wi...lysis/plague-in-security-software-drivers.php
     
    Last edited: Sep 24, 2007
  4. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The guys at matousec were kind enough to email me about this a few days prior to making this public. GSS wasn't correctly checking a certain parameter in some API calls that it hooks, allowing a DoS to occur in a few hooked APIs.

    I've already committed the changes so it will be in the next release, since I was already checking most parameters, and also have been telling other kernel developers for a while now what is pointed out in the article, it was a simple change to an oversight of mine. But still, the bug was there. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.