Vulnerability Description
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thegreenbow | Thegreenbow Vpn Client | 4.61.003 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36332Vendor Advisory
- http://www.securityfocus.com/archive/1/505816/100/0/threaded
- http://www.vupen.com/english/advisories/2009/2294Vendor Advisory
- https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_Exploit
- http://secunia.com/advisories/36332Vendor Advisory
- http://www.securityfocus.com/archive/1/505816/100/0/threaded
- http://www.vupen.com/english/advisories/2009/2294Vendor Advisory
- https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_Exploit
FAQ
What is CVE-2009-2918?
CVE-2009-2918 is a vulnerability with a CVSS score of 2.1 (LOW). The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL...
How severe is CVE-2009-2918?
CVE-2009-2918 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2918?
Check the references section above for vendor advisories and patch information. Affected products include: Thegreenbow Thegreenbow Vpn Client.