most security softwares in US : vulnerable, including AD1.200alpha

Discussion in 'Ghost Security Suite (GSS)' started by buffet, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    Last edited by a moderator: Sep 23, 2007
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  3. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    From : http://www.matousec.com/projects/wi...lysis/plague-in-security-software-drivers.php
     
    Last edited: Sep 24, 2007
  4. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The guys at matousec were kind enough to email me about this a few days prior to making this public. GSS wasn't correctly checking a certain parameter in some API calls that it hooks, allowing a DoS to occur in a few hooked APIs.

    I've already committed the changes so it will be in the next release, since I was already checking most parameters, and also have been telling other kernel developers for a while now what is pointed out in the article, it was a simple change to an oversight of mine. But still, the bug was there. :)
     
Thread Status:
Not open for further replies.