Thursday, 10 January 2008

Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Motorola netOctopus Agent, which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability in which an unprivileged user can reliably execute malicious code in ring 0 by hijacking the SYSENTER_EIP_MSR via an improperly exposed interface in the NantSys device driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=636

You can read Motorola's fix for the issue here:

http://www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf [PDF]