Sign-up

ID

VAR-200811-0235


CVE

CVE-2008-5121


TITLE

Deterministic Network Enhancer privilege escalation vulnerability

Trust: 0.8

sources: CERT/CC: VU#858993

DESCRIPTION

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. Deterministic Network Enhancer (DNE) Contains an elevation of privilege vulnerability. As a result, local users Windows Arbitrary code may be executed with kernel privileges. Deterministic Networks Provided by Deterministic Network Enhancer (DNE) Is Microsoft Windows This product is an extension of the network stack. DNE Is Cisco VPN Client It is used by multiple products. DNE Driver dne2000.sys Contains an elevation of privilege vulnerability. For details, refer to the information provided by each vendor.Local users Windows Arbitrary code may be executed with kernel privileges. Successful attacks will completely compromise affected computers. DNE 'dne2000.sys' 2.21.7.233 to 3.21.8 are vulnerable; other versions may also be affected. There is a loophole in the implementation of the DNE driver. The vulnerability is reported in dne2000.sys versions 2.21.7.233 to 3.21.7.17464. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://www.digit-labs.org/files/exploits/dne2000-call.c ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.78

sources: NVD: CVE-2008-5121 // CERT/CC: VU#858993 // JVNDB: JVNDB-2008-001884 // JVNDB: JVNDB-2008-003645 // BID: 29772 // VULHUB: VHN-35246 // PACKETSTORM: 67460 // PACKETSTORM: 67431 // PACKETSTORM: 67433 // PACKETSTORM: 67449

AFFECTED PRODUCTS

vendor:citrixmodel:deterministic network enhancerscope:eqversion:2.21.7.223

Trust: 1.6

vendor:citrixmodel:deterministic network enhancerscope:eqversion:3.21.7.17464

Trust: 1.6

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:deterministicmodel: - scope: - version: -

Trust: 0.8

vendor:safenetmodel: - scope: - version: -

Trust: 0.8

vendor:citrixmodel:deterministic network enhancerscope:ltversion:dne2000.sys 3.21.12.17902 earlier

Trust: 0.8

vendor:safenetmodel:highassurance remotescope: - version: -

Trust: 0.8

vendor:safenetmodel:softremote vpn clientscope: - version: -

Trust: 0.8

vendor:ciscomodel:vpn clientscope: - version: -

Trust: 0.8

vendor:citrixmodel:deterministic network enhancerscope:eqversion:2.21.7.233 to 3.21.7.17464

Trust: 0.8

vendor:blue coatmodel:winproxyscope: - version: -

Trust: 0.8

vendor:citrixmodel:deterministic network enhancerscope:eqversion:3.21.12.17902

Trust: 0.3

vendor:citrixmodel:deterministic network enhancerscope:eqversion:3.21.8

Trust: 0.3

vendor:citrixmodel:deterministic network enhancerscope:eqversion:2.21.7.233

Trust: 0.3

vendor:citrixmodel:deterministic network enhancerscope:eqversion:2.21.7.17464

Trust: 0.3

vendor:citrixmodel:deterministic network enhancerscope:neversion:3.21.9

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:neversion:5.0.3.0530

Trust: 0.3

sources: CERT/CC: VU#858993 // BID: 29772 // JVNDB: JVNDB-2008-001884 // JVNDB: JVNDB-2008-003645 // CNNVD: CNNVD-200811-282 // NVD: CVE-2008-5121

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-5121
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#858993
value: 22.50

Trust: 0.8

NVD: CVE-2008-5121
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200811-282
value: HIGH

Trust: 0.6

VULHUB: VHN-35246
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-5121
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-35246
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#858993 // VULHUB: VHN-35246 // JVNDB: JVNDB-2008-003645 // CNNVD: CNNVD-200811-282 // NVD: CVE-2008-5121

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-35246 // JVNDB: JVNDB-2008-003645 // NVD: CVE-2008-5121

THREAT TYPE

local

Trust: 1.3

sources: BID: 29772 // PACKETSTORM: 67460 // PACKETSTORM: 67431 // PACKETSTORM: 67433 // PACKETSTORM: 67449 // CNNVD: CNNVD-200811-282

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200811-282

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001884

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-35246

PATCH
title:DNE Supporturl:http://www.citrix.com/lang/English/lp/lp_1680845.asp
Trust: 0.8
title:Top Pageurl:http://www.bluecoat.com/
Trust: 0.8
title:VPN Clienturl:http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/
Trust: 0.8
title:CTX117751url:http://support.citrix.com/article/CTX117751
Trust: 0.8
title:Top Pageurl:http://www.safenet-inc.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001884 // 
            
            
            
            JVNDB: JVNDB-2008-003645

EXTERNAL IDS
db:CERT/CCid:VU#858993
Trust: 4.4
db:NVDid:CVE-2008-5121
Trust: 2.8
db:SECUNIAid:30747
Trust: 2.6
db:SECUNIAid:30744
Trust: 2.6
db:SECUNIAid:30753
Trust: 2.6
db:SECUNIAid:30728
Trust: 2.6
db:BIDid:29772
Trust: 2.0
db:VUPENid:ADV-2008-1867
Trust: 1.7
db:VUPENid:ADV-2008-1868
Trust: 1.7
db:VUPENid:ADV-2008-1866
Trust: 1.7
db:VUPENid:ADV-2008-1865
Trust: 1.7
db:SREASONid:4600
Trust: 1.7
db:EXPLOIT-DBid:5837
Trust: 1.7
db:JVNDBid:JVNDB-2008-001884
Trust: 0.8
db:JVNDBid:JVNDB-2008-003645
Trust: 0.8
db:MISCid:HTTP://WWW.DIGIT-LABS.ORG/FILES/EXPLOITS/DNE2000-CALL.C
Trust: 0.6
db:XFid:43153
Trust: 0.6
db:XFid:2000
Trust: 0.6
db:MILW0RMid:5837
Trust: 0.6
db:CNNVDid:CNNVD-200811-282
Trust: 0.6
db:VULHUBid:VHN-35246
Trust: 0.1
db:PACKETSTORMid:67460
Trust: 0.1
db:PACKETSTORMid:67431
Trust: 0.1
db:PACKETSTORMid:67433
Trust: 0.1
db:PACKETSTORMid:67449
Trust: 0.1
sources:
            
            
            CERT/CC: VU#858993 // 
            
            
            
            VULHUB: VHN-35246 // 
            
            
            
            BID: 29772 // 
            
            
            
            JVNDB: JVNDB-2008-001884 // 
            
            
            
            JVNDB: JVNDB-2008-003645 // 
            
            
            
            PACKETSTORM: 67460 // 
            
            
            
            PACKETSTORM: 67431 // 
            
            
            
            PACKETSTORM: 67433 // 
            
            
            
            PACKETSTORM: 67449 // 
            
            
            
            CNNVD: CNNVD-200811-282 // 
            
            
            
            NVD: CVE-2008-5121

REFERENCES
url:http://www.kb.cert.org/vuls/id/858993
Trust: 3.6
url:http://www.digit-labs.org/files/exploits/dne2000-call.c
Trust: 2.9
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscsm25860
Trust: 2.4
url:http://support.citrix.com/article/ctx117751
Trust: 2.0
url:http://www.securityfocus.com/bid/29772
Trust: 1.7
url:http://secunia.com/advisories/30728
Trust: 1.7
url:http://secunia.com/advisories/30744
Trust: 1.7
url:http://secunia.com/advisories/30747
Trust: 1.7
url:http://secunia.com/advisories/30753
Trust: 1.7
url:http://securityreason.com/securityalert/4600
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1865
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1866
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1867
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1868
Trust: 1.7
url:http://secunia.com/advisories/30728/
Trust: 1.2
url:https://www.exploit-db.com/exploits/5837
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
Trust: 1.1
url:http://secunia.com/advisories/30753/
Trust: 0.9
url:http://secunia.com/advisories/30744/
Trust: 0.9
url:http://secunia.com/advisories/30747/
Trust: 0.9
url:http://www.deterministicnetworks.com/support/dnesupport.asp
Trust: 0.8
url:http://jvn.jp/cert/jvnvu858993/
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5121
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5121
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/43153
Trust: 0.6
url:http://www.milw0rm.com/exploits/5837
Trust: 0.6
url:http://secunia.com/secunia_security_advisories/
Trust: 0.4
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.4
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.4
url:http://secunia.com/secunia_security_specialist/
Trust: 0.4
url:http://corporate.secunia.com/about_secunia/64/
Trust: 0.4
url:http://secunia.com/about_secunia_advisories/
Trust: 0.4
url:http://www.citrix.com
Trust: 0.3
url:http://www.deterministicnetworks.com/products/dne.asp
Trust: 0.3
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscsm25860
Trust: 0.1
url:http://secunia.com/product/1122/
Trust: 0.1
url:http://secunia.com/product/1121/
Trust: 0.1
url:http://secunia.com/product/6750/
Trust: 0.1
url:http://secunia.com/product/1574/
Trust: 0.1
url:http://secunia.com/product/14325/
Trust: 0.1
url:http://secunia.com/product/123/
Trust: 0.1
url:http://secunia.com/product/124/
Trust: 0.1
url:http://secunia.com/product/14465/
Trust: 0.1
url:http://secunia.com/product/17450/
Trust: 0.1
url:http://secunia.com/product/9097/
Trust: 0.1
url:http://secunia.com/product/19105/
Trust: 0.1
url:http://secunia.com/product/19106/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#858993 // 
            
            
            
            VULHUB: VHN-35246 // 
            
            
            
            BID: 29772 // 
            
            
            
            JVNDB: JVNDB-2008-001884 // 
            
            
            
            JVNDB: JVNDB-2008-003645 // 
            
            
            
            PACKETSTORM: 67460 // 
            
            
            
            PACKETSTORM: 67431 // 
            
            
            
            PACKETSTORM: 67433 // 
            
            
            
            PACKETSTORM: 67449 // 
            
            
            
            CNNVD: CNNVD-200811-282 // 
            
            
            
            NVD: CVE-2008-5121

CREDITS
mu-b mu-b@digit-labs.org
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200811-282

SOURCES
db:CERT/CCid:VU#858993
db:VULHUBid:VHN-35246
db:BIDid:29772
db:JVNDBid:JVNDB-2008-001884
db:JVNDBid:JVNDB-2008-003645
db:PACKETSTORMid:67460
db:PACKETSTORMid:67431
db:PACKETSTORMid:67433
db:PACKETSTORMid:67449
db:CNNVDid:CNNVD-200811-282
db:NVDid:CVE-2008-5121

LAST UPDATE DATE
2024-11-23T20:47:38.513000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#858993date:2008-06-27T00:00:00
db:VULHUBid:VHN-35246date:2017-09-29T00:00:00
db:BIDid:29772date:2015-04-16T17:59:00
db:JVNDBid:JVNDB-2008-001884date:2008-11-21T00:00:00
db:JVNDBid:JVNDB-2008-003645date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200811-282date:2009-04-14T00:00:00
db:NVDid:CVE-2008-5121date:2024-11-21T00:53:20.093

SOURCES RELEASE DATE
db:CERT/CCid:VU#858993date:2008-06-18T00:00:00
db:VULHUBid:VHN-35246date:2008-11-18T00:00:00
db:BIDid:29772date:2008-06-17T00:00:00
db:JVNDBid:JVNDB-2008-001884date:2008-11-21T00:00:00
db:JVNDBid:JVNDB-2008-003645date:2012-06-26T00:00:00
db:PACKETSTORMid:67460date:2008-06-18T23:41:53
db:PACKETSTORMid:67431date:2008-06-18T21:15:54
db:PACKETSTORMid:67433date:2008-06-18T21:15:54
db:PACKETSTORMid:67449date:2008-06-18T21:55:50
db:CNNVDid:CNNVD-200811-282date:2008-06-17T00:00:00
db:NVDid:CVE-2008-5121date:2008-11-18T00:30:00.517