Bugtraq mailing list archives
Vulnerability: CylantSecure
From: Juergen Pabel <juergen () pabel net>
Date: Fri, 29 Jun 2001 12:39:08 -0400
Summary: CylantSecure is a kernel patch and system that analyses behavior and kills programs that deviates from the "normal" system behaviour. The vulnerability lies in the processessing delay that occurs between a process violating some security rule and the actual killing of the process (a user space analyser). By inserting a module (which in itself is a violation, but due to the mentioned delay it suceeds) that reroutes function pointers the system can effectively be disabled. The vulnerability exists in CylantSecure 1.1 and earlier (the Cylant Team has been notified and is working on a fix). Attached is an exploit for this vulnerability. Juergen Pabel juergen () pabel net
Attachment:
moduleloader.c
Description:
Current thread:
- Vulnerability: CylantSecure Juergen Pabel (Jun 30)