Slashdot Mirror


Device Drivers Filled with Flaws, Pose Risk

Gary W. Longsine writes "Security Focus describes device drivers as an untapped source of buffer overflows, posing substantial risk not typically considered as part of a standard risk assessment. The security risks of device drivers on both Windows and Linux, including network (remotely exploitable) and hardware drivers (typically only locally exploitable) are discussed in the article. I've noticed that software you wouldn't expect sometimes installs a device driver component. I can understand this as a component of an antivirus or host-based firewall, but it seems to be an oddly common design pattern on Windows, which clearly poses substantial risk."

9 of 189 comments

  1. One hardware driver one from way back. by Anonymous Coward · · Score: 5, Interesting

    Sending a modem user a ping with +++ATH0 embedded. As soon as it was returned, those modems with defective modem drivers that didn't filter anything would hang up. Quick simple DoS.

    Surprisingly it still works on some systems more than 18 years after I first tried it.

    1. Re:One hardware driver one from way back. by AndroidCat · · Score: 5, Informative

      That should only work with modems that took the cheap route. +++ is supposed to be wrapped with a guard delay that would prevent that. (There's probably some vulture lawyers still charging licence fees for Hayes' patent on that.)

      --
      One line blog. I hear that they're called Twitters now.
    2. Re:One hardware driver one from way back. by Myria · · Score: 5, Informative

      REAL modem drivers would use ATS2=255, which disables the +++ string. Then, to hang up, you drop the Terminal Ready (TR) bit of the serial port. This way, there is no string that can hang up the modem.

      Melissa

      --
      "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  2. Re:Design pattern by Anonymous Coward · · Score: 5, Informative

    Games do this often for their copy-protection methods. The most common is Starforce, which installs a driver without which the program will not run.

  3. there are many examples ... by tronicum · · Score: 5, Informative

    Most direct disc access (antivirus) or "personal firewall" products install themselves as a driver between the physical and logical layer.

    This leads to many problems like stuff found recently in almost all Computer Associates eTrust Antivirus products. Because ZoneAlarm licenced the same software, they were affected, too.

    This is just one example of many:

    So many well known enterprise Antivirus/Firewall companies create drivers that lead to security flaws and it is not limited to Windows....

  4. Video games are the worst offenders by Myria · · Score: 5, Informative

    Video games' copy protection systems install device drivers like crazy to try to prevent CD-ROM emulators and such. Others install drivers to prevent cheating. When they do this, they often mess up the system involved and leave the system vulnerable to attack.

    For example, a few months ago, the nProtect anti-cheat system, which installs device drivers, had a buffer overflow in it that allowed local privilege escalation.

    Melissa

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  5. Multimedia Keyboards by Lucractius · · Score: 5, Interesting

    Seems these are almost everywhere these days. And with all the odd keys, a lot of them do need their own custom drivers for the extra keys and knobs and dials etc.

    Whatever happened to the good old days when an IBM model M was all you needed :)

    --
    XML - A clever joke would be here if /. didn't mangle tag brackets.
  6. Re:Design pattern by moonbender · · Score: 5, Informative

    Look for yourself, if you are on Windows anyway. Open the device manager, check "show hidden devices" in the view menu and look at the new devices that appear. Especially the ones in the "Non-Plug and Play Drivers" category. Some examples from my system include "Creative AC3 software decoder" (along with half a dozen more drivers the Audigy installs), "StyleXP helper" (Window skinning), "mnmdd" (no clue). And this is a fairly clean system, apart from Style XP maybe. Most of these would make sense as services, but device drivers? Not that there is a shortage of services on a typical Win XP system!

    --
    Switch back to Slashdot's D1 system.
  7. duh. by Crimson Dragon · · Score: 5, Informative

    To cite poor design as a source of security vulnerability is to state the obvious. We spend so many man hours fixing problems that didn't have to exist in the first place, that we cannot address the problems that came inevitably over the course of implementation of software packages and protocols.

    --
    The Crimson Dragon
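
The +++ guard delay and ATS2=255 points raised by AndroidCat and Myria in the first comment thread above, as an added example that is not part of the thread or any poster's code: a simplified Python model of Hayes-style escape detection. It assumes S12 holds the guard time in 1/50 s units and that S2 values above 127 disable the escape; the function names and sample streams are constructed for illustration.

```python
# Added illustration, not code from the thread. Simplified model of
# Hayes-style "+++" escape detection on the data stream from the host.
# Assumptions: S2 is the escape character (values above 127 disable it)
# and S12 is the guard time in 1/50 s units (50 = one second).

def timed(data, start=0.0, spacing=0.001):
    """Turn bytes into (arrival_seconds, byte) events, spacing seconds apart."""
    return [(start + n * spacing, b) for n, b in enumerate(data)]

def enters_command_mode(events, s2=43, s12=50, enforce_guard=True):
    """Return True if the stream would switch the modem to command mode."""
    if s2 > 127:                       # ATS2=255: no in-band escape at all
        return False
    guard = s12 / 50.0
    for i in range(len(events) - 2):
        window = events[i:i + 3]
        if any(b != s2 for _, b in window):
            continue
        if not enforce_guard:          # the "cheap route": any +++ escapes
            return True
        t0, t1, t2 = (t for t, _ in window)
        before = t0 - events[i - 1][0] if i > 0 else float("inf")
        after = events[i + 3][0] - t2 if i + 3 < len(events) else float("inf")
        # Silence on both sides, and the three characters close together.
        if before >= guard and after >= guard and t1 - t0 < guard and t2 - t1 < guard:
            return True
    return False

# Constructed samples. INLINE: the string arrives inside a burst of data,
# as it would in an echoed packet. OPERATOR: a pause, +++, another pause.
INLINE = timed(b"data+++ATH0\r")
OPERATOR = timed(b"hello") + timed(b"+++", start=2.0) + timed(b"ATH0\r", start=4.0)

if __name__ == "__main__":
    for name, stream in (("INLINE", INLINE), ("OPERATOR", OPERATOR)):
        print(name,
              "no guard:", enters_command_mode(stream, enforce_guard=False),
              "guard:", enters_command_mode(stream),
              "S2=255:", enters_command_mode(stream, s2=255))
```

With the guard time enforced, only the deliberately paused sequence is treated as an escape; with S2 set to 255 neither stream is, which is why hanging up then has to go through the serial control line instead.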