11 July 2007, 08:39

Escalated Privileges in WinPcap

Security service iDefense has reported a vulnerability in WinPcap which allows local users to escalate their privileges. WinPcap provides drivers that applications can use to record network packets. The bug resides in the driver npf.sys. This incorrectly checks parameters passed to IOCTL 9031 (BIOCGSTATS) when processing an interrupt request packet (IRP), allowing attackers to use manipulated requests to overwrite kernel memory and cause their own program code to run.

The bug is in version 4.0.0.755 of npf.sys and possibly prior versions. This version is installed, for example, when installing the version of WinPcap which is included in Wireshark 0.99.5. The current version of WinPcap, 4.0.1, closes the security hole and users should install it without delay.

Channels

Services

Escalated Privileges in WinPcap

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit