Advice Request Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kernel memory contents, while the other allows code execution and privilege escalation.

Vulnerability Details

TALOS-2018-0635 (CVE-2018-3970) - HitmanPro.Alert hmpalert Kernel Memory Disclosure Vulnerability.

An exploitable memory disclosure vulnerability exists in the IOCTL-handler function of Sophos HitmanPro.Alert, version 3.7.6.744. A specially crafted IOCTL request sent by any user on the system to the hmpalert device results in the contents from the privileged kernel memory returning to the user. You can read the full details of the vulnerability here.


Source: Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: TALOS-2018-0635/0636 - Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities
 
Last edited by a moderator:
E

Eddie Morra

Hope they resolve soon.
They have already resolved it. It took them roughly 2 months to patch.

2018-07-23 - Vendor Disclosure
2018-09-17 - Vendor Patched
2018-10-25 - Public Release


For starters, patching it could have been started by slapping on some security for the device object and only using it from privileged user-mode process(es). That would be an ideal starting place.

Applying Security Descriptors on the Device Object - Windows drivers

I'm speechless.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top