首页 -> 安全研究
安全研究
安全漏洞
Pedestal Software完整性保护驱动可绕过漏洞
发布日期:2002-12-03
更新日期:2002-12-11
受影响系统:
Pedestal Software Integrity Protection Driver 1.2不受影响系统:
- Microsoft Windows Terminal Server 4.0
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
Pedestal Software Integrity Protection Driver 1.3描述:
- Microsoft Windows Terminal Server 4.0
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP6a
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP6
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP5
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP4
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP3
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP2
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0 SP1
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows NT 4.0
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Server SP3
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Server SP2
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Server SP1
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Server
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Professional SP3
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Professional SP2
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Professional SP1
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Professional
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Datacenter Server SP3
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Datacenter Server SP2
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Datacenter Server SP1
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Datacenter Server
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Advanced Server SP3
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Advanced Server SP2
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Advanced Server SP1
Pedestal Software Integrity Protection Driver 1.3
- Microsoft Windows 2000 Advanced Server
BUGTRAQ ID: 6295
Pedestal Software的完整性保护驱动(IPD)是一款开放源代码设备驱动设计用于禁止新服务和驱动安装,保护已经存在的驱动被篡改等。
IPD存在设计问题,本地攻击者可以利用这个漏洞绕过保护措施并使保护失效或者延迟。
为了使管理员有一定时间反安装完整性保护驱动(IPD)软件,在系统启动后IPD有20分钟的延迟保护措施,在这延迟阶段,本地攻击者可以利用修改系统时间退后而更长时间的绕过IPD保护。
<*来源:Jan Rutkowski (jkrutkowski@elka.pw.edu.pl)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103886682926432&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
c:\ipd>ipdinstall.exe start
[...]
The driver will engage in 20 minutes.
c:\ipd>
00:21 [IPD starts protecting the system from inserting drivers]
...
13:13 [a bad hacker comes in to the system]
c:\alamakota> time
[now he turns the clock 14 hours back]
c:\alamakota> w2k_load verybaddrv.sys
c:\alamakota> time
[he restores the original time]
[system is compromised]
建议:
厂商补丁:
Pedestal Software
-----------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Pedestal Software Integrity Protection Driver 1.2:
Pedestal Software Upgrade Integrity Protection Driver 1.3
http://pedestalsoftware.com/download/ipd.zip
浏览次数:2962
严重程度:0(网友投票)
绿盟科技给您安全的保障