Re: WinPcap NPF.SYS Privilege Elevation Vulnerability

To: mballano@xxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: WinPcap NPF.SYS Privilege Elevation Vulnerability
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Tue, 10 Jul 2007 11:37:12 -0700
In-reply-to: <20070709233213.3157.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Openpgp: url=http://www.wireshark.org/download/gerald_at_wireshark_dot_org.gpg
References: <20070709233213.3157.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.12 (Macintosh/20070509)

mballano@xxxxxxxxx wrote:
>       WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit
>       -------------------------------------------------------------
> 
>       Affected software: 
> 
>       (*) WinPcap versions affected (Confirmed)
>       
>       - WinPcap 3.1
>       - WinPcap 4.1
          ^^^^^^^^^^^

Can you clarify which 4.x version(s) you tested with?  According to the
WinPcap web site, the latest stable release in the 4.x series is 4.0.1
(which is what we ship with the latest release of Wireshark, and which
addresses this vulnerability).  4.1 is still in beta.

References:
- WinPcap NPF.SYS Privilege Elevation Vulnerability
  - From: mballano

Prev by Date: SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface
Next by Date: Re: Whitepaper - DNS pinning and web proxies
Previous by thread: WinPcap NPF.SYS Privilege Elevation Vulnerability
Next by thread: Re: Re: WinPcap NPF.SYS Privilege Elevation Vulnerability
Index(es):
- Date
- Thread