CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6856 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6856
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6851 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6851
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run c... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6857 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6857
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the ... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6852 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6852
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6853 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6853
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6854 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6854
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a u... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-6855 – Sophos SafeGuard Priivlege Escalation
https://notcve.org/view.php?id=CVE-2018-6855
04 Jul 2018 — Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows... • http://seclists.org/fulldisclosure/2018/Jul/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •