Symantec Products IOCTL Handler Privilege Escalation - Secunia Advisories - Vulnerability Intelligence

Symantec Products IOCTL Handler Privilege Escalation
Secunia Advisory:	SA22288	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-10-06
Last Update:	2006-10-11
Popularity:	10,249 views

Critical:	Less critical
Impact:	Privilege escalation
Where:	Local system
Solution Status:	Vendor Patch

Software:	Symantec AntiVirus Corporate Edition 10.x Symantec AntiVirus Corporate Edition 8.x Symantec AntiVirus Corporate Edition 9.x Symantec AntiVirus for Blue Coat Security Symantec AntiVirus for CacheFlow Security Gateway Symantec AntiVirus for Clearswift 4.x Symantec AntiVirus for Inktomi Traffic Edge Symantec AntiVirus for Microsoft ISA Server 4.x Symantec AntiVirus for Microsoft SharePoint 4.x Symantec AntiVirus for NetApp Filer/NetCache Symantec AntiVirus Scan Engine 4.x Symantec Brightmail AntiSpam 4.x Symantec Brightmail AntiSpam 5.x Symantec Brightmail AntiSpam 6.x Symantec Client Security 1.x Symantec Client Security 2.x Symantec Client Security 3.x Symantec Mail Security for Domino 4.x Symantec Mail Security for Domino 5.x Symantec Mail Security for Exchange 4.x Symantec Mail Security for Microsoft Exchange 5.x Symantec Mail Security for SMTP 4.x Symantec Norton AntiVirus 2001 Symantec Norton AntiVirus 2002 Symantec Norton AntiVirus 2003 Symantec Norton AntiVirus 2004 Symantec Norton AntiVirus 2005 Symantec Norton AntiVirus 2006 Symantec Norton AntiVirus Corporate Edition 7.x Symantec Norton Internet Security 2001 Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norton Internet Security 2003 Professional Symantec Norton Internet Security 2004 Symantec Norton Internet Security 2004 Professional Symantec Norton Internet Security 2005 Symantec Norton Internet Security 2006 Symantec Norton SystemWorks 2001 Symantec Norton SystemWorks 2002 Symantec Norton SystemWorks 2003 Symantec Norton SystemWorks 2004 Symantec Norton SystemWorks 2005 Symantec Norton SystemWorks 2006 Symantec Web Security 2.x Symantec Web Security 3.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2006-4927

Description: A vulnerability has been reported in various Symantec Products, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to insufficient address space verification within the IOCTL handlers of the NAVEX15.SYS and NAVENG.SYS device drivers, which allows to overwrite arbitrary memory with a constant double word value. This can be exploited to execute arbitrary code with kernel privileges by sending specially crafted I/O Request Packets to the 0x222AD3, 0x222AD7, and 0x222ADB IOCTL handlers. The vulnerability has been reported in all versions of the following products for Windows NT, Windows 2000, and Windows XP: - Norton AntiVirus - Norton Internet Security - Norton System Works - Symantec AntiVirus Corporate Edition - Symantec AntiVirus for Blue Coat Security - Symantec AntiVirus for CacheFlow Security Gateway - Symantec AntiVirus for Clearswift MIME Sweeper - Symantec AntiVirus for Inktomi Traffic Edge - Symantec AntiVirus for Microsoft ISA Server - Symantec AntiVirus for NetApp Filer/NetCache - Symantec BrightMail AntiSpam - Symantec Client Security - Symantec Mail Security for Domino - Symantec Mail Security for Exchange - Symantec Mail Security for SMTP - Symantec Scan Engine - Symantec Web Security for Windows Solution: Update to the virus definitions of October 4, 2006 revision 9 or later. Provided and/or discovered by: Rubén Santamarta, reversemode.com. Changelog: 2006-10-11: Added US-CERT reference. Original Advisory: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417 Other References: US-CERT VU#946820: http://www.kb.cert.org/vuls/id/946820

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

10th Oct, 2008

New advisories:	15
New vulnerabilities:	83
Updated advisories:	41

Moderately // 237 views

ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability

Moderately // 245 views

Built2go Real Estate Listings "event_id" SQL Injection

Highly // 401 views

Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow

Moderately // 276 views

Red Hat update for cups

Highly // 286 views

DFF PHP Framework API "DFF_config[dir_incl ude]" File Inclusion Vulnerabilities

Not // 307 views

FUJITSU Interstage Products Apache Tomcat Security Bypass

Moderately // 523 views

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Moderately // 290 views

Fedora update for condor

Moderately // 570 views

CUPS Multiple Vulnerabilities

Not // 335 views

Gentoo Portage Insecure Python Module Search Path Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.