Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA20629] Kaspersky Anti-Virus "klif.sys" Denial of Service Vulnerability



> 
> TITLE:
> Kaspersky Anti-Virus "klif.sys" Denial of Service Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA20629
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/20629/
> 
> CRITICAL:
> Not critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> Local system
> 
> SOFTWARE:
> Kaspersky Anti-Virus 5.x
> http://secunia.com/product/2781/
> Kaspersky Anti-Virus 6.x
> http://secunia.com/product/10470/
> Kaspersky Internet Security 6.x
> http://secunia.com/product/10471/
> 
> DESCRIPTION:
> Skywing has discovered a vulnerability in Kaspersky Anti-Virus, which
> potentially can be exploited by malicious, local users to cause a DoS
> (Denial of Service).
> 
> The vulnerability is caused due to missing validation of pointers
> supplied by user-space programs before they are used by custom system
> services installed by "klif.sys" to access memory. This can be
> exploited to cause the system to reboot due to invalid memory
> access.
> 
> The vulnerability has been confirmed in Kaspersky Anti-Virus
> 6.0.0.300, Kaspersky Internet Security 6.0.0.300, and also reported
> in Kaspersky Internet Security Suite 5.0. Other versions may also be
> affected.
> 
> SOLUTION:
> Restrict system access to trusted users only.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Skywing
> 
> ORIGINAL ADVISORY:
> http://uninformed.org/index.cgi?v=4&a=4&p=4
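
The class of check the advisory says is missing, sketched as an added example; it is not code from the advisory, from Kaspersky, or from "klif.sys". The user region, its base address, the status codes and the handler name are all constructed for illustration: a service handler validates a caller-supplied pointer and length before touching memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: one 4 KiB "user" region at a made-up base address.
   Anything outside it stands for kernel or unmapped memory. */
#define USER_BASE ((uintptr_t)0x10000)
#define USER_SIZE ((size_t)4096)
static uint8_t user_mem[USER_SIZE];

enum { SVC_OK = 0, SVC_BAD_POINTER = -1, SVC_BAD_LENGTH = -2 };

/* Accept [uaddr, uaddr+len) only if it lies wholly inside the user region.
   Written without computing uaddr+len, so a huge len cannot wrap around. */
static int user_range_ok(uintptr_t uaddr, size_t len)
{
    if (uaddr < USER_BASE) return 0;
    uintptr_t off = uaddr - USER_BASE;
    if (off > USER_SIZE) return 0;
    return len <= USER_SIZE - off;
}

/* Hypothetical service handler: copies a caller-described buffer into a
   kernel-side buffer, refusing any request that fails validation. */
int svc_read_request(uintptr_t uaddr, size_t len, uint8_t *kbuf, size_t kcap)
{
    if (len > kcap) return SVC_BAD_LENGTH;            /* would overflow kbuf */
    if (!user_range_ok(uaddr, len)) return SVC_BAD_POINTER;
    memcpy(kbuf, user_mem + (uaddr - USER_BASE), len);
    return SVC_OK;
}

int main(void)
{
    uint8_t kbuf[64];
    memset(user_mem, 0xAB, sizeof user_mem);
    /* a valid request, then a pointer far outside the user region */
    int ok  = svc_read_request(USER_BASE + 16, 32, kbuf, sizeof kbuf);
    int bad = svc_read_request((uintptr_t)-8, 32, kbuf, sizeof kbuf);
    return (ok == SVC_OK && bad == SVC_BAD_POINTER) ? 0 : 1;
}
```

In a Windows kernel driver the equivalent check is done with ProbeForRead/ProbeForWrite inside a __try/__except block, because an address that passes the range check can still be unmapped.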




 




Copyright © Lexa Software, 1996-2009.