Advice Request Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kernel memory contents, while the other allows code execution and privilege escalation.

Vulnerability Details

TALOS-2018-0635 (CVE-2018-3970) - HitmanPro.Alert hmpalert Kernel Memory Disclosure Vulnerability.

An exploitable memory disclosure vulnerability exists in the IOCTL-handler function of Sophos HitmanPro.Alert, version 3.7.6.744. A specially crafted IOCTL request sent by any user on the system to the hmpalert device results in the contents from the privileged kernel memory returning to the user. You can read the full details of the vulnerability here.


Source: Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: TALOS-2018-0635/0636 - Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities
 
Last edited by a moderator:
  • Like
Reactions: upnorth, Daviworld, Bozalosc and 10 others
E

Eddie Morra

stepseven84 said:
Hope they resolve soon.
Click to expand...
They have already resolved it. It took them roughly 2 months to patch.

2018-07-23 - Vendor Disclosure
2018-09-17 - Vendor Patched
2018-10-25 - Public Release
Click to expand...


For starters, patching it could have been started by slapping on some security for the device object and only using it from privileged user-mode process(es). That would be an ideal starting place.

Applying Security Descriptors on the Device Object - Windows drivers

I'm speechless.
 
  • Like
Reactions: Dave Russo, upnorth, Bozalosc and 5 others
Status
Not open for further replies.

Similar threads

upnorth
    • +Reputation
    • Like
Asus Router Access, information disclosure, Denial of Service Vulnerabilities discovered
Replies
0
Views
849
News Archive
upnorth
upnorth
M
    • Like
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Replies
0
Views
411
Microsoft Defender
Microsoft Threat Intelligence
M
enaph
    • +Reputation
    • Like
New Update macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
Replies
1
Views
691
macOS, iOS & iPadOS
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top