On Fri, 29 Jun 2001, Juergen Pabel wrote:

-->Summary:
-->
-->CylantSecure is a kernel patch and system that analyses behavior and kills
-->programs that deviates from the "normal" system behaviour. The
-->vulnerability lies in the processessing delay that occurs between a process
-->violating some security rule and the actual killing of the process (a user
-->space analyser). By inserting a module (which in itself is a violation, but
-->due to the mentioned delay it suceeds) that reroutes function pointers the
-->system can effectively be disabled. The vulnerability exists in
-->CylantSecure 1.1 and earlier (the Cylant Team has been notified and is
-->working on a fix).

Attacks against the cylent secure kernel modules is a known issue.

I belive the first refrence I personally saw to such an attack
is describe in an article at:
http://www.securitynewsportal.com/article.php?sid=220

From the posting it seems that the anonymous poster was aware,
and took for granted the delayed detection.

-->
-->Attached is an exploit for this vulnerability.
-->
-->Juergen Pabel
-->juergenpabel.net
-->

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]