Here is a list of the 9 kernel vulnerabilities I discovered over a month ago in an antivirus product called IKARUS anti.virus, which have finally been fixed. Most of the vulnerabilities were due to the inputted output buffer address (Irp->UserBuffer) being saved on the stack and later used as an argument without being validated. The table below lists the ioctls, related CVEs and the type of vulnerability:

IOCTL        CVE ID          Vulnerability Type
0x8300000c   CVE-2017-14961  Arbitrary Write
0x83000058   CVE-2017-14962  Out of Bounds Write
0x83000058   CVE-2017-14963  Arbitrary Write
0x8300005c   CVE-2017-14964  Arbitrary Write
0x830000cc   CVE-2017-14965  Arbitrary Write
0x830000c0   CVE-2017-14966  Arbitrary Write
0x83000080   CVE-2017-14967  Arbitrary Write
0x830000c4   CVE-2017-14968  Arbitrary Write
0x83000084   CVE-2017-14969  Arbitrary Write

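The bug class from the post above, written out as an added example (not code from the thread or from IKARUS): a model of an IOCTL handler that writes through Irp->UserBuffer unchecked, beside a hardened version that validates the pointer with a pure-C model of ProbeForWrite's checks. Assumptions: the x64 MmUserProbeAddress value, a 64-bit build, and NTSTATUS codes returned as plain values instead of raised exceptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status values mirror the real NTSTATUS codes. */
#define STATUS_SUCCESS               0x00000000u
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u
#define STATUS_BUFFER_TOO_SMALL      0xC0000023u

/* Lowest address that is NOT user mode; the x64 MmUserProbeAddress value (assumed, 64-bit build). */
uintptr_t g_user_probe_address = 0x00007FFFFFFF0000u;

/* Models the IRP fields a METHOD_NEITHER handler sees for the output buffer. */
typedef struct {
    void  *user_buffer;    /* Irp->UserBuffer: caller-controlled, untrusted */
    size_t output_length;  /* Parameters.DeviceIoControl.OutputBufferLength */
} ioctl_request_t;

/* Bug class from the thread: the raw pointer is written through with no validation,
 * so whatever address the caller supplied receives the kernel's write. */
uint32_t handle_ioctl_vulnerable(const ioctl_request_t *req, uint32_t value) {
    uint32_t *out = (uint32_t *)req->user_buffer;
    *out = value;
    return STATUS_SUCCESS;
}

/* Pure-C model of the checks ProbeForWrite performs: alignment, wrap-around, and
 * "entirely below the user/kernel boundary". The real routine also touches each page
 * and raises an exception rather than returning a status. */
uint32_t probe_for_write(const void *p, size_t len, size_t align) {
    uintptr_t start = (uintptr_t)p;
    if (len == 0) return STATUS_SUCCESS;
    if (start % align != 0) return STATUS_DATATYPE_MISALIGNMENT;
    if (start + len < start || start + len > g_user_probe_address)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* Hardened handler: check the declared length, probe the pointer, then write. */
uint32_t handle_ioctl_fixed(const ioctl_request_t *req, uint32_t value) {
    uint32_t status;
    if (req->output_length < sizeof value) return STATUS_BUFFER_TOO_SMALL;
    status = probe_for_write(req->user_buffer, sizeof value, sizeof value);
    if (status != STATUS_SUCCESS) return status;
    memcpy(req->user_buffer, &value, sizeof value); /* in a real driver: inside __try/__except */
    return STATUS_SUCCESS;
}
```

The write itself also belongs inside __try/__except in a real driver, because user pages can be unmapped between the probe and the write.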

This is why we should avoid security tools that offer no bug bounty and don't have many users.
Bitdefender (Bitdefender's bug bounty program | Bugcrowd)
Kaspersky (Kaspersky Lab - Bug Bounty Program | HackerOne)
Avast (The Avast bug bounty program)
Windows Defender (Microsoft Bounty Programs | MSRC)
F-Secure (Vulnerability Reward Program | F-Secure Labs)
360 (360 Security Response Center)
They all have great bug bounties plus a lot of users (more users is better).

I remember I had this discussion a couple of months ago here with another forum member and I mentioned explicitly the AV attack surface and the pluses of scrutinized products which get frequent updates. The counter argument I read was essentially security by obscurity and even explicitly to use Ikarus...

There is a certain logic to that, as long as you are not subjected to targeted attacks.
Still, I don't see why one should increase their attack surface with a product whose own security is not scrutinized. And it's not just targeted attacks: any remote vulnerability can be added to a Metasploit-like tool on a "just in case the user has this installed" basis.
