

jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI

reply to matunga
Re: WinXP SP2: i2omgmt.sys Privilege Escalation Vulnerability

Isn't this loaded by default on XP systems? Why wasn't this fixed when the vendor was notified? Grouping together minor bugfixes into a yearly big update is a good idea, but for privilege escalation vulnerabilities is it really appropriate?
--
Ubuntu MOTU Developer and Forums Council

SUMware
Premium
join:2002-05-21


edit:
May 13th, @12:26PM

Looks like MS has provided an incentive to install SP3 (pretty please, or we'll leave your machine vulnerable).

Also from original link:
quote:
III. ANALYSIS
Exploitation allows an attacker to elevate privileges by overwriting arbitrary system memory or executing code within kernel context. An attacker needs to log-in to the target machine to exploit this vulnerability.

This driver is related to I2O protocol and RAID devices. It is not present by default on every Windows installation. However, iDefense found this driver loaded on several systems we tested.

IV. DETECTION
iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable.

V. WORKAROUND
Removing write permissions for "Everyone" appears to prevent access to the vulnerable code. Although no side effects were witnessed in lab tests, normal functionality may be hindered.
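
An added example, not part of the thread or the quoted advisory: since the advisory says the driver is not present on every installation, this Windows PowerShell check reports whether i2omgmt.sys is on disk, which file version it is, and whether a kernel driver service backed by it is registered or running. It assumes the driver sits in the default `%SystemRoot%\System32\drivers` directory; the variable names are illustrative.

```powershell
# Added example: inventory check for the driver named in the quoted advisory.
# Uses Get-WmiObject, so it targets Windows PowerShell (1.0-5.1), not PowerShell 7+.
$driverFile  = 'i2omgmt.sys'
$reportedVer = '5.1.2600.2180'   # version the advisory confirms as vulnerable
# Assumption: default driver directory.
$driverPath  = Join-Path $env:SystemRoot "System32\drivers\$driverFile"

# 1. Is the file on disk, and which version is it?
if (Test-Path $driverPath) {
    $vi = (Get-Item $driverPath).VersionInfo
    # Build the numeric version from its parts; the FileVersion string can
    # carry a build-lab suffix that would break a plain string comparison.
    $fileVersion = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart
    Write-Output "On disk : $driverPath (file version $fileVersion)"
    if ($fileVersion -eq $reportedVer) {
        Write-Output "Version : matches the version confirmed vulnerable in the advisory"
    } else {
        Write-Output "Version : differs from $reportedVer; the advisory suspects other versions too"
    }
} else {
    Write-Output "On disk : $driverFile not found under System32\drivers"
}

# 2. Is a kernel driver service backed by that file registered, and is it running?
#    Matching on PathName avoids assuming the service name.
$matches_ = Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$driverFile" }

if ($matches_) {
    foreach ($d in $matches_) {
        Write-Output ("Service : {0}  State={1}  StartMode={2}" -f $d.Name, $d.State, $d.StartMode)
    }
} else {
    Write-Output "Service : no registered kernel driver references $driverFile"
}
```

A `State` of `Running` means the driver is currently loaded; a file on disk with no running service is present but not loaded.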
Saturday, 30-Aug 00:02:18 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.