WinXP SP2: i2omgmt.sys Privilege Escalation Vulnerability

Author	All Replies
matunga join:2003-07-26 edit: May 13th, @03:28AM	WinXP SP2: i2omgmt.sys Privilege Escalation Vulnerability Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Windows XP, could allow an attacker to execute arbitrary code in the context of the kernel. Microsoft has addressed this issue within Windows XP Service Pack 3: »labs.idefense.com/intelligence/v···p?id=699
	to forum · permalink · · 2008-05-13 03:26:23 ·
Lanik Lab-nik Premium,ExMod 2002-03 join:2001-06-25 Bay Area ·DSL EXTREME	quote: VIII. DISCLOSURE TIMELINE 03/20/2007 Initial vendor notification 03/20/2007 Initial vendor response 05/12/2008 Coordinated public disclosure Way to go M$ took them over a year to fix this, way to stay on top of it. -- "If it ain't broke don't fix it."
	to forum · permalink · · 2008-05-13 04:42:42 ·
jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:	reply to matunga Isn't this loaded by default on XP systems? Why wasn't this fixed when the vendor was notified? Grouping together minor bugfixes into a yearly big update is a good idea, but for priviledge escalation vulnerabilities is it really appropriate? -- Ubuntu MOTU Developer and Forums Council
	to forum · permalink · · 2008-05-13 12:10:45 ·
SUMware Premium join:2002-05-21 edit: May 13th, @12:26PM	Looks like MS has provided an incentive to install SP3 (pretty please, or we'll leave your machine vulnerable). Also from original link: quote: III. ANALYSIS Exploitation allows an attacker to elevate privileges by overwriting arbitrary system memory or executing code within kernel context. An attacker needs to log-in to the target machine to exploit this vulnerability. This driver is related to I2O protocol and RAID devices. It is not present by default on every Windows installation. However, iDefense found this driver loaded on several systems we tested. IV. DETECTION iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable. V. WORKAROUND Removing write permissions for "Everyone" appears to prevent access to the vulnerable code. Although no side effects were witnessed in lab tests, normal functionality may be hindered.
	to forum · permalink · · 2008-05-13 12:13:19 ·
dave Premium,MVM join:2000-05-04 not in ohio	reply to matunga Isn't I2O a dead protocol? Do many desktop systems use I2O?
	to forum · permalink · · 2008-05-13 12:48:04 ·
jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:	said by dave : Isn't I2O a dead protocol? Do many desktop systems use I2O? A lot of fan drivers and SMC type chips use an I2C protocol though I don't know if they use the win32 API for it or their own implementation (i.e. your facny CPU/mobo monitoring apps) -- Ubuntu MOTU Developer and Forums Council
	to forum · permalink · · 2008-05-13 13:09:06 ·


Sunday, 06-Jul 18:03:35	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact 8th year online! © 1999-2008 dslreports.com. page compression OFF