Get Adobe Reader

Some of the documents on this page may require an external reader in order to view them. Adobe Reader can be obtained by clicking on the following link,

Get Adobe Reader
Newsletter

To make sure you never miss the release of our next article, vulnerability advisory, or just to keep up-to-date with the latest news and updates from Digit Security; sign-up to our newsletter!

Latest News
October 12, 2011
In a recent article published on ‘The Register’ [1], Trusteer have attempted to “rebuff[...]” the “bank security bypass claims” apparently made by Digit Security in an article published in the Times [2] on the 1st October 2011. The article is almost exclusively composed of what are presumably quotes from the CEO of Trusteer, Mickey Boodaei. [...] read more read more
September 7, 2011
In the recent 44con security conference held at The Grange Hotel in London UK, Neil Kettle of Digit Security Ltd gave a presentation detailing the design of just one of the protections that Trusteer claim their product, namely Trusteer Rapport is capable of providing users. The information disclosed detailed both the design and implementation of [...] read more read more
July 23, 2011
The first vulnerability advisory, albeit covering many vulnerabilities in and of itself, affecting Securstar DriveCrypt has been released. The vulnerability in question exists due to the improper validation of a user-supplied pointer within a structure passed as argument to the IOCTL interface exported from the globally accessible “\\.\DCR” device. An attacker exploiting this vulnerability may [...] read more read more
Contact Us
Home \ Advisory Detail
  • PDF file
  • C file
  • C file

DSEC-2011-0001: Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation

Author:
Abstract: An attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a Denial of Service attack via a page fault caused by an invalid pointer dereference.

Multiple vulnerabilities have been discovered in Securstar DriveCrypt kernel drivers, the vulnerabilities exist due to several somewhat systemic issues in the validation of user-supplied pointers and trust thereof, use of user-supplied parameters to privileged kernel functionality and finally, the lack of bounds checking in unbounded copy operations resulting in buffer overflows.