CVE-2020-15479 - OpenCVE

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Passmark	Osforensics Burnintest Performancetest

Configuration 1 [-]

OR	cpe:2.3:a:passmark:burnintest::::::::
	cpe:2.3:a:passmark:osforensics::::::::
	cpe:2.3:a:passmark:performancetest::::::::

References

Link	Resource
https://github.com/eset/vulnerability-disclosures	Third Party Advisory
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md	Exploit Third Party Advisory
https://www.passmark.com/forum/index.php	Vendor Advisory
https://www.passmark.com/support/index.php	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-07T20:04:23

Updated: 2020-08-07T20:04:23

Reserved: 2020-07-01T00:00:00

Link: CVE-2020-15479

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-07T21:15:10.473

Modified: 2020-08-12T16:07:55.233

Link: CVE-2020-15479

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-07T20:04:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/forum/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/support/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15479", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/eset/vulnerability-disclosures", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures"}, {"name": "https://www.passmark.com/forum/index.php", "refsource": "MISC", "url": "https://www.passmark.com/forum/index.php"}, {"name": "https://www.passmark.com/support/index.php", "refsource": "MISC", "url": "https://www.passmark.com/support/index.php"}, {"name": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15479", "datePublished": "2020-08-07T20:04:23", "dateReserved": "2020-07-01T00:00:00", "dateUpdated": "2020-08-07T20:04:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passmark:burnintest:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFF39A7-3802-4894-8F34-1229377FC16C", "versionEndIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:osforensics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AF580B6-AA3A-4067-A992-9F23909E8990", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:performancetest:*:*:*:*:*:*:*:*", "matchCriteriaId": "A037C148-281D-4C87-AFE8-7C692DE81C4B", "versionEndIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}, {"lang": "es", "value": "Se detect\u00f3 un problema en PassMark BurnInTest versiones hasta 9.1, OSForensics versiones hasta 7.1 y PerformanceTest versiones hasta 10. El manejador de peticiones IOCTL del controlador intenta copiar el b\u00fafer de entrada en la pila sin comprobar su tama\u00f1o y puede causar un desbordamiento del b\u00fafer. Esto podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo Ring-0 arbitraria y una escalada de privilegios. Esto afecta a las bibliotecas DirectIo32.sys y DirectIo64.sys"}], "id": "CVE-2020-15479", "lastModified": "2020-08-12T16:07:55.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-07T21:15:10.473", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/forum/index.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/support/index.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}