[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] BitDefender Total Security 2018 - Insecure Pipe Permissions

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions
From: filipe <filipe.xavier@xxxxxxxxxxxxxx>
Date: Tue, 6 Mar 2018 16:04:44 -0300

=====[ Tempest Security Intelligence - ADV-19/2018 ]===

BitDefender Total Security 2018 - Insecure Pipe Permissions
-------------------------------------------------------
Author:
- Filipe Xavier Oliveira: <filipe.xavier () tempest.com.br

=====[ Table of Contents
]=====================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Overview
]==============================================================

* System affected : BitDefender Total Security [1]
* Software Version : 2018. Other versions or models may also be affected.
* Impact : A low priveliged user can access and modify all DACLS of all
pipes with full access allowed.

=====[ Detailed description
]==================================================

BitDefender Total Security 2018 allows local users to gain privileges or
cause a denial of service by impersonating all the pipes through a use
of an "insecurely created named pipe".
Ensures full access to Everyone users group. All pipes used by services
(vsserv.exe, updatesrv.exe, DevMgmtService.exe, bdwtxag.exe,
bdagent.exe) from application.

=====[ Timeline of disclosure
]===============================================

01/24/2018 - Vendor was informed of the vulnerability.
01/29/2018 - Vendor did not respond.
01/24/2018 - CVE assigned [2]
03/06/2018 - Advisory publication date.

=====[ Thanks & Acknowledgements
]============================================

- Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ References
]===========================================================

[1] - https://www.bitdefender.com.br/
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6183
[3] - http://www.tempest.com.br/

-- 
Filipe Oliveira
Tempest Security Intelligence


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions
  - From: Alex BALAN

Prev by Date: [FD] 10-Strike Network Monitor 5.4 - Unquoted Service Path
Next by Date: [FD] Panda Global Security 17.0.1 - Unquoted service path
Previous by thread: [FD] 10-Strike Network Monitor 5.4 - Unquoted Service Path
Next by thread: Re: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions
Index(es):
- Date
- Thread