Details of VAR-201004-0514

ID

VAR-201004-0514

TITLE

Rising Antivirus 2010 RsAssist.sys Driver Local Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0692

DESCRIPTION

Rising is a well-known anti-virus software vendor in China. The RsAssist.sys driver used by Rising Antivirus 2010 does not properly handle IOCTL requests, and local users can execute arbitrary kernel mode code by running malicious programs. Rising Antivirus 2010 is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition. The issue affects Rising Antivirus 2010 versions prior to 22.0.3.54. ---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Rising Antivirus 2010 RsAssist.sys Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA39557 VERIFY ADVISORY: http://secunia.com/advisories/39557/ DESCRIPTION: A vulnerability has been reported in Rising Antivirus 2010, which can be exploited by malicious, local users to potentially gain escalated privileges. The vulnerability is caused due to an error in the RsAssist.sys driver when handling IOCTLs. This can be exploited to potentially execute arbitrary code in kernel space via a specially crafted IOCTL. SOLUTION: Update to version 22.0.3.54 or later. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: NT Internals: http://www.ntinternals.org/ntiadv1001/ntiadv1001.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2010-0692 // BID: 39627 // PACKETSTORM: 88802

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0692

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	rising	model:	antivirus international rising antivirus	scope:	eq	version:	201022.0.3	Trust: 0.3
vendor:	rising	model:	antivirus international rising antivirus	scope:	ne	version:	201022.0.354	Trust: 0.3

sources: CNVD: CNVD-2010-0692 // BID: 39627

THREAT TYPE

local

Trust: 0.4

sources: BID: 39627 // PACKETSTORM: 88802

TYPE

Design Error

Trust: 0.3

sources: BID: 39627

EXTERNAL IDS

db:	BID	id:	39627	Trust: 0.9
db:	SECUNIA	id:	39557	Trust: 0.7
db:	CNVD	id:	CNVD-2010-0692	Trust: 0.6
db:	PACKETSTORM	id:	88802	Trust: 0.1

sources: CNVD: CNVD-2010-0692 // BID: 39627 // PACKETSTORM: 88802

REFERENCES

url:	http://secunia.com/advisories/39557/	Trust: 0.7
url:	http://www.ntinternals.org/ntiadv1001/ntiadv1001.html	Trust: 0.4
url:	http://www.rising-global.com/	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-0692 // BID: 39627 // PACKETSTORM: 88802

CREDITS

NT Internals

Trust: 0.3

sources: BID: 39627

SOURCES

db:	CNVD	id:	CNVD-2010-0692
db:	BID	id:	39627
db:	PACKETSTORM	id:	88802

LAST UPDATE DATE

2022-05-17T02:09:18.266000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0692	date:	2010-04-25T00:00:00
db:	BID	id:	39627	date:	2010-04-22T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0692	date:	2010-04-25T00:00:00
db:	BID	id:	39627	date:	2010-04-22T00:00:00
db:	PACKETSTORM	id:	88802	date:	2010-04-22T06:51:27