Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » WinXP SP2: i2omgmt.sys Privilege Escalation Vulnerability
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
ZAP + avast or ZASS? »
« Authentication  
AuthorAll Replies


jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:

reply to matunga
Re: WinXP SP2: i2omgmt.sys Privilege Escalation Vulnerability

Isn't this loaded by default on XP systems? Why wasn't this fixed when the vendor was notified? Grouping together minor bugfixes into a yearly big update is a good idea, but for priviledge escalation vulnerabilities is it really appropriate?
--
Ubuntu MOTU Developer and Forums Council
to forum · permalink · · 2008-05-13 12:10:45 · Reply to this

SUMware
Premium
join:2002-05-21

edit:
May 13th, @12:26PM
 Looks like MS has provided an incentive to install SP3 (pretty please, or we'll leave your machine vulnerable).

Also from original link:
quote:
III. ANALYSIS
Exploitation allows an attacker to elevate privileges by overwriting arbitrary system memory or executing code within kernel context. An attacker needs to log-in to the target machine to exploit this vulnerability.

This driver is related to I2O protocol and RAID devices. It is not present by default on every Windows installation. However, iDefense found this driver loaded on several systems we tested.

IV. DETECTION
iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable.

V. WORKAROUND
Removing write permissions for "Everyone" appears to prevent access to the vulnerable code. Although no side effects were witnessed in lab tests, normal functionality may be hindered.
to forum · permalink · · 2008-05-13 12:13:19 · Reply to this
Forums » Up and Running » Security » SecurityZAP + avast or ZASS? »
« Authentication  

Saturday, 22-Nov 18:03:37 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.
page compression OFF
Most commented news this week
· [199] Obama FCC Selection Team Won't Make AT&T Happy
· [109] DSL's Not Dead Yet
· [87] Zone Alarm Pro Free Just For Today
· [84] Storm Reviews Come Rolling In
· [80] Harvard Law Professor Sues RIAA
· [69] New Xbox 360 'Experience' Goes Live
· [69] CRTC Rules Against Indie ISPs In Throttling Dispute
· [59] Just 26% of U.S. Broadband Users Faster Than 5Mbps
· [56] Friday Open Thread
· [51] Cable Grabbing 71% Of New Broadband Customers
Most people now reading
· CRTC ruling coming Thursday Nov 20 [TekSavvy]
· Pentagon Hit by Unprecedented Cyber Attack [Security]
· Disabling Autorun in XP? [Security]
· Furnace question [Home Repair & Improvement]
· Things to give up if we're capped [TekSavvy]
· How I cut my bill in Michigan [Comcast HSI]
· [ PvE] Leatherworking [World of Warcraft]
· Unionized cuts starting at Bell [Canadian Chat]
· [video] Chicken Head Tracking [56k lookout! (broadband heavy)]