11 July 2007, 09:39

Escalated Privileges in WinPcap

Security service iDefense has reported a vulnerability in WinPcap which allows local users to escalate their privileges. WinPcap provides drivers that applications can use to record network packets. The bug resides in the driver npf.sys. This incorrectly checks parameters passed to IOCTL 9031 (BIOCGSTATS) when processing an interrupt request packet (IRP), allowing attackers to use manipulated requests to overwrite kernel memory and cause their own program code to run.

The bug is in version 4.0.0.755 of npf.sys and possibly prior versions. This version is installed, for example, when installing the version of WinPcap which is included in Wireshark 0.99.5. The current version of WinPcap, 4.0.1, closes the security hole and users should install it without delay.

Also on The H:

Share this article

Escalated Privileges in WinPcap

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit