CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM

https://notcve.org/view.php?id=CVE-2008-5121

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a través de una petición DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\.\DNE . • https://www.exploit-db.com/exploits/5837 http://secunia.com/advisories/30728 http://secunia.com/advisories/30744 http://secunia.com/advisories/30747 http://secunia.com/advisories/30753 http://securityreason.com/securityalert/4600 http://support.citrix.com/article/CTX117751 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860 http://www.digit-labs.org/files/exploits/dne2000-call.c http://www.kb.cert.org/vuls/id/858993 http://www&# • CWE-264: Permissions, Privileges, and Access Controls •