SRC-2017-0026 : Jungo DriverWizard WinDriver Kernel Pool Overflow Privilege Escalation Vulnerability

CVE ID:

CVE-2017-14153

CVSS Score:

6.2 (CVSS v2 vector AV:L/AC:H/Au:N/C:C/I:C/A:C)

Affected Vendors:

Jungo

Affected Products:

DriverWizard WinDriver

Vulnerability Details:

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The handler fails to properly validate user-supplied data (the request buffer and its length) before copying it into a kernel pool allocation, which results in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
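The following C program is an added illustration, not code from Jungo's driver or from the Source Incite PoC. It does two things a practitioner would want when triaging an advisory like this one: it decodes the IOCTL code 0x953824b7 under the standard Windows CTL_CODE() bit layout (device type, access, function, method), and it contrasts a hypothetical IOCTL handler that trusts a caller-supplied length with a hardened version that bounds it, using a user-mode stand-in for a pool chunk with a trailing canary in place of the next chunk's header. The handler bodies, the 64-byte chunk size and the canary are assumptions for the demonstration; the page does not state how windrvr1240's real handler is written or whether its IOCTL codes follow the CTL_CODE() convention, so the decoded fields are only what that layout yields for the number.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a Windows IOCTL control code under the standard CTL_CODE() layout:
 *   code = (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
 * Method 3 is METHOD_NEITHER: the I/O manager neither copies nor probes the
 * user buffers, so the driver itself must validate pointers and lengths. */
typedef struct {
    uint16_t device_type;
    uint8_t  access;    /* 0 FILE_ANY_ACCESS, 1 FILE_READ_ACCESS, 2 FILE_WRITE_ACCESS */
    uint16_t function;
    uint8_t  method;    /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3u);
    f.function    = (uint16_t)((code >> 2) & 0xFFFu);
    f.method      = (uint8_t)(code & 0x3u);
    return f;
}

/* Hypothetical pool chunk: 64 usable bytes followed by a 4-byte canary that
 * stands in for the header of the adjacent pool allocation. */
#define POOL_CHUNK   64
#define CANARY_SIZE  4
#define CANARY_BYTE  0xA5

typedef struct {
    uint8_t bytes[POOL_CHUNK + CANARY_SIZE];
} pool_chunk;

typedef int (*ioctl_handler)(pool_chunk *chunk, const uint8_t *user_buf, size_t user_len);

/* Vulnerable pattern (assumed, not the vendor's code): the length comes from
 * the caller and is used as-is, so anything past 64 bytes lands in the
 * neighbouring allocation. */
int handle_ioctl_vulnerable(pool_chunk *chunk, const uint8_t *user_buf, size_t user_len) {
    memcpy(chunk->bytes, user_buf, user_len);
    return 0;
}

/* Hardened pattern: reject a NULL buffer or a length larger than the
 * allocation before anything is copied (in a real driver this is where
 * ProbeForRead on the METHOD_NEITHER pointer would also go). */
int handle_ioctl_hardened(pool_chunk *chunk, const uint8_t *user_buf, size_t user_len) {
    if (user_buf == NULL || user_len > POOL_CHUNK)
        return -1;  /* analogous to STATUS_INVALID_PARAMETER */
    memcpy(chunk->bytes, user_buf, user_len);
    return 0;
}

/* 1 if the canary after the usable region is untouched, 0 if it was overwritten. */
int canary_intact(const pool_chunk *chunk) {
    for (size_t i = 0; i < CANARY_SIZE; i++)
        if (chunk->bytes[POOL_CHUNK + i] != CANARY_BYTE) return 0;
    return 1;
}

/* Send one constructed request of user_len bytes of 'A' through a handler on a
 * fresh chunk. Returns -1 if the handler rejected it, otherwise canary_intact(). */
int run_request(ioctl_handler handler, size_t user_len) {
    pool_chunk chunk;
    memset(chunk.bytes, 0, POOL_CHUNK);
    memset(chunk.bytes + POOL_CHUNK, CANARY_BYTE, CANARY_SIZE);
    uint8_t *buf = malloc(user_len ? user_len : 1);
    memset(buf, 'A', user_len);
    int rc = handler(&chunk, buf, user_len);
    free(buf);
    return rc != 0 ? -1 : canary_intact(&chunk);
}

int main(void) {
    ioctl_fields f = decode_ioctl(0x953824b7u);
    printf("IOCTL 0x953824b7: device 0x%04x access %u function 0x%03x method %u\n",
           f.device_type, f.access, f.function, f.method);
    /* A request just large enough to reach the next chunk (64 + 4 bytes). */
    size_t oversize = POOL_CHUNK + CANARY_SIZE;
    printf("vulnerable handler, %zu bytes: canary intact = %d\n", oversize,
           run_request(handle_ioctl_vulnerable, oversize));
    printf("hardened handler,   %zu bytes: result = %d (rejected)\n", oversize,
           run_request(handle_ioctl_hardened, oversize));
    return 0;
}
```

The decode shows why the check matters for this class of bug: with method field 3 (METHOD_NEITHER under the CTL_CODE() layout) the kernel hands the driver raw user pointers and lengths, and every bound is the driver's responsibility. The request of exactly 68 bytes is kept within the simulated buffer so the overflow into the canary is observable without undefined behaviour in the demonstration itself.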

Vendor Response:

Jungo has not issued an update to correct this vulnerability.

Disclosure Timeline:

  • 2017-08-22 – Verified and sent to Jungo via sales@/first@/security@/info@jungo.com
  • 2017-08-25 – No response from Jungo and two bounced emails
  • 2017-08-26 – Attempted a follow up with the vendor via website chat
  • 2017-08-26 – No response via the website chat
  • 2017-09-03 – Received an email from a Jungo representative stating that they are "looking into it"
  • 2017-09-03 – Requested a timeframe for patch development and warned of possible 0day release
  • 2017-09-06 – No response from Jungo
  • 2017-09-06 – Public 0day release of advisory

Proof of Concept:

/pocs/src-2017-0026.py.txt

Credit:

This vulnerability was discovered by Steven Seeley (mr_me) of Source Incite