Summary
This host has TheGreenBow IPSec VPN Client installed and is prone to Denial of Service vulnerability.
Impact
Attackers can exploit this issue via crafted requests to x80000034 IOCTL probably involving an input or output buffer size of 0 to cause denial of service.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to a NULL-pointer dereference error in 'tgbvpn.sys' driver when processing x80000034 IOCTLs.
Affected
TheGreenBow IPSec VPN Client version 4.61.003 and prior on Windows.
References
Severity
Classification
-
CVE CVE-2009-2918 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
- Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Mac OS X)
- Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Linux)
- Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
- Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)