Bugtraq mailing list archives
Re: Vulnerability: CylantSecure
From: Timothy Lawless <lawless () netdoor com>
Date: Sat, 30 Jun 2001 12:32:52 -0400 (EDT)
On Fri, 29 Jun 2001, Juergen Pabel wrote: -->Summary: --> -->CylantSecure is a kernel patch and system that analyses behavior and kills -->programs that deviates from the "normal" system behaviour. The -->vulnerability lies in the processessing delay that occurs between a process -->violating some security rule and the actual killing of the process (a user -->space analyser). By inserting a module (which in itself is a violation, but -->due to the mentioned delay it suceeds) that reroutes function pointers the -->system can effectively be disabled. The vulnerability exists in -->CylantSecure 1.1 and earlier (the Cylant Team has been notified and is -->working on a fix). Attacks against the cylent secure kernel modules is a known issue. I belive the first refrence I personally saw to such an attack is describe in an article at: http://www.securitynewsportal.com/article.php?sid=220
From the posting it seems that the anonymous poster was aware,
and took for granted the delayed detection. --> -->Attached is an exploit for this vulnerability. --> -->Juergen Pabel -->juergen () pabel net -->
Current thread:
- Re: Vulnerability: CylantSecure Timothy Lawless (Jul 01)