search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Dokan file system driver contains a stack-based buffer overflow

Vulnerability Note VU#741315

Original Release Date: 2018-12-20 | Last Revised: 2019-01-15

Overview

A system driver in the Dokan Open Source File System contains a stack-based buffer overflow, which could allow an attacker to gain elevated privileges on the host machine.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2018-5410

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.

Impact

An attacker could corrupt the kernel memory and elevate their system privileges to gain control of the system.

Solution

Update to the newest version
Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input.

Please see the update here.

Vendor Information

741315
 
Affected   Unknown   Unaffected

Atmo O

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FtpUse

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  December 10, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Keybase

Updated:  January 15, 2019

Status

  Affected

Vendor Statement

After Dokan released a version containing this fix, Keybase added the upgraded package version 1.2.1.2000 and added a check to not mount to older drivers, and included these in a hotfix update, version 2.12.3-20181221135356+d161abd500.

Vendor Information

See Keybase security advisory 003 for more details: https://keybase.io/docs/secadv/kb003

Vendor References

https://keybase.io/docs/secadv/kb003

MLV Filesystem

Notified:  December 20, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MSSQLFS

Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MooseFS

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ninefs

Notified:  December 20, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenDedup

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

RedFS

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SrcDemo2

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WinUnionFS

Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

encfs4win

Notified:  December 20, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

fuse-nfs

Notified:  December 19, 2018 Updated:  December 20, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cuemounter

Updated:  December 20, 2018

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peonefs

Updated:  December 20, 2018

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Shaman.Dokan.Warc

Updated:  December 20, 2018

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Win-SSHFS

Updated:  December 20, 2018

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 5.2 AV:L/AC:L/Au:S/C:C/I:P/A:N
Temporal 4.3 E:F/RL:OF/RC:C
Environmental 4.3 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Parvez Anwar for reporting this vulnerability.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2018-5410
Date Public: 2018-12-21
Date First Published: 2018-12-20
Date Last Updated: 2019-01-15 16:31 UTC
Document Revision: 26

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.