BestCrypt BCTool UMount Buffer Overflow Vulnerability

BestCrypt is a commercial file system encryption software package distributed by Jetico. BestCrypt offers compatibility on the Windows and Linux platforms, using open development standards to offer a secure product.

A problem with BestCrypt makes it possible for a local user to gain elevated privileges. Due to insufficient checking of bounds by the program bctool when unmounting an encrypted file system, it's possible to overflow a buffer within the program, overwriting variables on the stack. This could lead to execution of code as root.

This problem makes it possible for a local user to gain elevated privileges. Successful exploitation of this vulnerability leads to root compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus