CVE-2018-6852: Buffer Overflow
First published: Mon Jul 09 2018(Updated: )
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos SafeGuard Easy Device Encryption Client | =6.00 | |
| Sophos SafeGuard Easy Device Encryption Client | =6.10 | |
| Sophos SafeGuard Easy Device Encryption Client | =7.00 | |
| Sophos SafeGuard Enterprise Device Encryption | =5.60.3-vs-nfd | |
| Sophos SafeGuard Enterprise Device Encryption | =6.00 | |
| Sophos SafeGuard Enterprise Device Encryption | =6.00.1 | |
| Sophos SafeGuard Enterprise Device Encryption | =6.10 | |
| Sophos SafeGuard Enterprise Device Encryption | =7.00 | |
| Sophos SafeGuard Enterprise Device Encryption | =8.00 | |
| Sophos SafeGuard LanCrypt Client | =3.90.1-ts | |
| Sophos SafeGuard LanCrypt Client | =3.90.2 | |
| Sophos SafeGuard LanCrypt Client | =3.95.1 | |
| Sophos SafeGuard LanCrypt Client | =3.95.1-ts |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6852?
CVE-2018-6852 is classified as a local privilege escalation vulnerability.
How do I fix CVE-2018-6852?
To fix CVE-2018-6852, upgrade to the patched versions of Sophos SafeGuard Enterprise, SafeGuard Easy, or SafeGuard LAN Crypt as indicated in the advisory.
What systems are affected by CVE-2018-6852?
CVE-2018-6852 affects Sophos SafeGuard Enterprise prior to version 8.00.5, SafeGuard Easy prior to version 7.00.3, and SafeGuard LAN Crypt prior to version 3.95.2.
Can CVE-2018-6852 be exploited remotely?
No, CVE-2018-6852 requires local access to exploit, thus it cannot be executed remotely.
What is the impact of exploiting CVE-2018-6852?
Exploitation of CVE-2018-6852 allows an attacker to elevate their privileges on the affected system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sophos
- canonical/sophos safeguard easy device encryption client
- version/sophos safeguard easy device encryption client/6.00
- version/sophos safeguard easy device encryption client/6.10
- version/sophos safeguard easy device encryption client/7.00
- canonical/sophos safeguard enterprise device encryption
- version/sophos safeguard enterprise device encryption/5.60.3-vs-nfd
- version/sophos safeguard enterprise device encryption/6.00
- version/sophos safeguard enterprise device encryption/6.00.1
- version/sophos safeguard enterprise device encryption/6.10
- version/sophos safeguard enterprise device encryption/7.00
- version/sophos safeguard enterprise device encryption/8.00
- canonical/sophos safeguard lancrypt client
- version/sophos safeguard lancrypt client/3.90.1-ts
- version/sophos safeguard lancrypt client/3.90.2
- version/sophos safeguard lancrypt client/3.95.1
- version/sophos safeguard lancrypt client/3.95.1-ts