Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

NS-Remote - Deterministic Network Enhancer Privilege Escalation Vulnerability

0

0

Article ID: JSA10383 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 3.0
Legacy Advisory Id:
PSN-2008-06-045
Product Affected:
Juniper NS-Remote VPN Client 9.0r3 and older versions are affected. The latest Juniper NS-Remote VPN Client 9.0r4 is not affected.
Problem:
A security vulnerability in NS-Remote (specifically the Deterministic Network Enhancer driver) has been reported which allows a local process to gain elevated privileges. The vulnerability exists in the dne2000.sys driver. By making a certain ioctl to the DNE device driver, it is possible to execute code with windows kernel privileges. This vulnerability is only exploitable locally.

Questions about this vulnerability should be sent to sirt@juniper.net.
Solution:
This issue is resolved in the NS-Remote VPN Client version 9.0r4.
Implementation:
Customers are recommended to download and install NS-Remote VPN Client version 9.0r4. Should you have difficulty downloading this version, please contact the Juniper Support Center.
Severity Level:
Low
Severity Assessment:
By making a certain ioctl to the DNE device driver, it is possible to execute code with windows kernel privileges. This vulnerability is only exploitable locally.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search