Vulnerabilidad en dne2000.sys en Citrix Deterministic Network Enhancer (CVE-2008-5121)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-264
Permisos, privilegios y/o control de acceso
Fecha de publicación:
18/11/2008
Última modificación:
09/04/2025
Descripción
dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a través de una petición DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\.\DNE .<br />
<br />
Impacto
Puntuación base 2.0
7.20
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:* | ||
| cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837