Secunia Research: SafeNet Sentinel Driver / Protection Installer IOCTL 0x220000 Multiple Vulnerabilities

======================================================================

                    Secunia Research 08/03/2016

             SafeNet Sentinel Driver / Protection Installer
                IOCTL 0x220000 Multiple Vulnerabilities

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

* SafeNet Sentinel Protection Installer version 7.6.8.
* SafeNet Sentinel Driver version 7.5.9.

======================================================================
2) Severity

Rating: Less critical
Impact: Information Disclosure, Privilege Escalation
Where:  Local

======================================================================
3) Description of Vulnerabilities

Secunia Research have discovered multiple vulnerabilities in SafeNet
Sentinel Driver and SafeNet Sentinel Protection Installer, which can
be exploited by malicious, local users to disclose potentially
sensitive information and gain escalated privileges.

1) Two boundary errors in the Sentinel Parallel driver (sentinel.sys)
when handling IOCTL 0x220000 requests can be exploited to disclose
contents of certain kernel memory locations.

2) Two boundary errors in the Sentinel Parallel driver (sentinel.sys)
when handling IOCTL 0x220000 requests can be exploited to cause
out-of-bounds write memory accesses.

Successful exploitation of vulnerability #2 allows execution of
arbitrary code with kernel privileges.

======================================================================
4) Solution

No official solution is currently available.

======================================================================
5) Time Table

20/01/2016 - Initial contact with vendor.
20/01/2016 - Vendor requests clarification of affected products.
20/01/2016 - Responded with clarification.
21/01/2016 - Vendor responds with service ticket ID.
21/01/2016 - Vendor requests secure transfer of vulnerability details.
01/02/2016 - Details transferred.
01/02/2016 - Vendor confirms reception.
02/02/2016 - Requested fix date.
02/02/2016 - Vendor responds they are investigating.
12/02/2016 - Requested update.
16/02/2016 - Vendor informs they have not decided when and whether
             a fix will be released.
17/02/2016 - Vendor agrees to disclose details without a fix.
24/02/2016 - CVE identifier requested from MITRE.
25/02/2016 - MITRE responds CVE won't be assigned at this time.
25/02/2016 - Release of Secunia Advisory SA65536
08/03/2016 - Public disclosure of Research Advisory.

======================================================================
6) Credits

Discovered by Dmitry Janushkevich, Secunia Research at Flexera
Software.

======================================================================
7) References

Currently no CVE identifier is assigned.

======================================================================
8) About Secunia (now part of Flexera Software)

In September 2015, Secunia has been acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-5/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================