CVE-2008-4363 - OpenCVE

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Deslock	Deslock

Configuration 1 [-]

cpe:2.3:a:deslock:deslock:3.2.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://digit-labs.org/files/exploits/deslock-probe-read.c
http://secunia.com/advisories/31921
http://securityreason.com/securityalert/4342
http://www.vupen.com/english/advisories/2008/2638
https://www.exploit-db.com/exploits/6498

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-30T21:00:00

Updated: 2024-08-07T10:17:08.442Z

Reserved: 2008-09-30T00:00:00

Link: CVE-2008-4363

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-30T23:24:53.603

Modified: 2017-09-29T01:32:08.023

Link: CVE-2008-4363

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4342"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4363", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://digit-labs.org/files/exploits/deslock-probe-read.c", "refsource": "MISC", "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4342"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:08.442Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"name": "ADV-2008-2638", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"name": "31921", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31921"}, {"name": "6498", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6498"}, {"name": "4342", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4342"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4363", "datePublished": "2008-09-30T21:00:00", "dateReserved": "2008-09-30T00:00:00", "dateUpdated": "2024-08-07T10:17:08.442Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deslock:deslock:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "5CD625B2-C9BE-42FE-AF96-90BE16A09F41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\\\.\\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended."}, {"lang": "es", "value": "DLMFENC.sys v1.0.0.28 de DESlock+ v3.2.7 permite a usuarios locales provocar una ca\u00edda del sistema (system crash) o ejecutar potencialmente c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ciertas peticiones a \\\\.\\DLKPFSD_Device que sobrescriben un puntero, lo que probablemente est\u00e9 relacionado con el uso de la funci\u00f3n ProbeForRead cuando deber\u00eda haberse ejecutado ProbeForWrite."}], "id": "CVE-2008-4363", "lastModified": "2017-09-29T01:32:08.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-30T23:24:53.603", "references": [{"source": "cve@mitre.org", "url": "http://digit-labs.org/files/exploits/deslock-probe-read.c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31921"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4342"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2638"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6498"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}