23 March 2007

Local Privilege Escalation Vulnerability found in X-Kryptor

From the UNIRAS website:

ID: 0107
Ref: 0107
Date: 01 February 2007:0900:00
Title: Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client
Abstract: X-Kryptor is a range of multi-role, dynamic-VPN products. The X-Kryptor Secure Client is a software-based VPN client that is used to connect home-base or mobile workers to a secure Local Area Network (LAN). A vulnerability has been discovered by NCC Group plc that, if exploited, could potentially allow a malicious person to take full control of the local system and to execute arbitrary code. Barron McCann is aware of this issue and has produced patches to address it. Please see 'Solution' for further details.
Vendors affected: Barron McCann
Operating Systems affected: Windows
Applications affected: X-Kryptor Driver BMS1446HRR, Xgntr Version BMS1351, Install Release BMS1472
Document link: Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client

CPNI Vulnerability Advisory 0107-XKryptor-February 2007

Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client

Version Information
-------------------
Advisory Reference    VAN 0107-XKryptor
Release Date          1 February 2007
Last Revision         25 January 2007
Version Number        1.0

Acknowledgement
---------------
This issue was reported by NCC Group plc (http://www.nccgroup.com).

What is affected?
-----------------
The vulnerability was verified against the following product version running on Microsoft Windows:

- X-Kryptor Driver BMS1446HRR
- Xgntr Version BMS1351
- Install Release BMS1472

Other versions may also be affected.

Impact
------
If exploited, this vulnerability can potentially allow a malicious user to take control of the local system.

Severity
--------
Medium

Summary
-------
X-Kryptor is a range of multi-role, dynamic-VPN products. The X-Kryptor Secure Client is a software-based VPN client that is used to connect home-base or mobile workers to a secure Local Area Network (LAN).

A vulnerability has been discovered by NCC Group plc that, if exploited, could potentially allow a malicious person to take full control of the local system and to execute arbitrary code. Barron McCann is aware of this issue and has produced patches to address it. Please see 'Solution' for further details.

Details
-------
CVE ID: CVE-2007-0436

Under certain circumstances it is possible for users, when using the X-Kryptor Secure Client on Microsoft Windows, to escalate privileges on the machine to the local SYSTEM account.

Solution
--------
Barron McCann has produced a fix for this issue; please contact them for further details.

Vendor Information
------------------
Based in Letchworth, Hertfordshire, Barron McCann Technology is a leading supplier of high assurance security products including the X-Kryptor, a range of VPN products that secure sensitive government communications across the United Kingdom and Europe.

For further details regarding Barron McCann, please visit http://www.bemac.com/.

Credits
-------
The CPNI Vulnerability Management Team would like to thank NCC Group plc for reporting these issues. Please visit http://www.nccgroup.com for further details about NCC Group plc.

The CPNI Vulnerability Management Team would also like to thank Barron McCann for their co-operation and assistance in the handling of this vulnerability.

Contact Information
-------------------
The CPNI Vulnerability Management Team can be contacted as follows:

Email        vulteam@cpni.gov.uk
             Please quote the advisory reference in the subject line
Telephone    +44 (0)870 487 0748 Ext 4511
             Monday - Friday 08:30 - 17:00
Fax          +44 (0)870 487 0749
Post         Vulnerability Management Team
             CPNI
             PO Box 60628
             London
             SW1P 1HA

We encourage those who wish to communicate via email to make use of our PGP key. This is available from http://www.cpni.gov.uk/key.aspx.

Please note that UK government protectively marked material should not be sent to the email address above.

If you wish to be added to our email distribution list please email your request to info-sec@cpni.gov.uk.

What is CPNI?
--------------
For further information regarding the Centre for the Protection of National Infrastructure, please visit http://www.cpni.gov.uk.

Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes.

Neither shall CPNI accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice.

© 2007 Crown Copyright

<End of CPNI Vulnerability Advisory>


1 comment:

alex smith said...

Proxy is great for passing information around. It is less good for passing files.