Message-ID: <49EEAA33.6010402@bkav.com.vn>
Date: Wed, 22 Apr 2009 12:25:07 +0700
From: Bkis <svrt@...v.com.vn>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities

010 Editor Multiple Buffer Overflow Vulnerabilities

1. General Information

010 Editor is a text editor and hex editor with many functions, such as 
viewing and editing binary files, analyzing and editing binary data, and 
importing and exporting binary data in many different formats.

Bkis has found many vulnerabilities in the software, related to the 
processing of 010 Editor Binary Template files (“.bt”) and 010 Editor 
Script Files (“.1sc”). These vulnerabilities are very dangerous because 
they allow hackers to execute malicious code on users’ systems.

We reported the errors to the vendor, and they have released a fixed 
version. All related information can be found at: 
http://www.sweetscape.com/010editor/release_notes.html

Details : http://security.bkis.vn/?p=580
Bkis Advisory : Bkis-07-2009
Initial vendor notification : 03/04/2009
Release Date : 04/22/2009
Update Date : 04/22/2009
Discovered by : Le Duc Anh - Bkis
Attack Type : Buffer Overflow
Security Rating : Critical
Impact : Code Execution
Affected Software : 010 Editor Version <= 3.0.4
PoC : http://security.bkis.vn/wp-content/uploads/2009/04/010editor_v304_poc.zip

2. Technical Description

Binary Template and Script files are advertised as highlighted features 
of 010 Editor. Binary Template files help users parse and edit many 
types of binary files, and Script files let users automate tasks. The 
software does not handle these file formats well enough, resulting in 
many serious vulnerabilities.

Many fields in these two file formats can cause buffer overflow errors 
when set to an overly long value. More precisely, errors can occur in 
the handling of the following fields and elements:
• Struct name in “.bt” files
• Custom attributes in “.bt” files
• Number format (a number prefixed by “0x”, or something else) in both 
“.bt” and “.1sc” files
• Mathematics operators in both “.bt” and “.1sc” files
• Function name in “.1sc” files
• Function parameters in “.1sc” files

To exploit these vulnerabilities, a hacker might create a specially 
crafted “.bt” or “.1sc” file and trick users into using it. If 
successful, hackers can perform local attacks, inject viruses, steal 
sensitive information and even take control of the victim’s system.

3. Solution

The vendor has fixed the vulnerability in 010 Editor Version 3.0.5. 
Rating this vulnerability as high severity, Bkis recommends that users 
update their software to the latest version.
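
Added example (not part of the Bkis advisory or of 010 Editor): a triage script that flags “.bt” and “.1sc” files containing unusually long values in the fields listed in section 2, so that untrusted templates and scripts can be screened before being opened. The 256-character limit, the regular expressions and the sample text are assumptions made for illustration; the advisory gives no lengths.

```python
import re

# Assumed triage threshold: the advisory states no lengths, so this is a
# conservative guess at what a hand-written template or script stays under.
MAX_TOKEN = 256

# One pattern per field class named in the advisory (approximate lexing,
# good enough for triage; group 1 is the value whose length is checked).
PATTERNS = {
    "struct name": re.compile(r"\bstruct\s+([A-Za-z_]\w*)"),
    "custom attribute": re.compile(r"<([^<>\n]*)>"),
    "number": re.compile(r"\b(0[xX][0-9A-Fa-f]+|\d+)"),
    "operator run": re.compile(r"([-+*/%&|^~!=<>]+)"),
    "function name": re.compile(r"\b([A-Za-z_]\w*)\s*\("),
    "function parameters": re.compile(r"\(([^()\n]*)\)"),
}


def scan(text, limit=MAX_TOKEN):
    """Return sorted (line, field class, length) for every oversized value."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if len(m.group(1)) > limit:
                line = text.count("\n", 0, m.start(1)) + 1
                findings.append((line, kind, len(m.group(1))))
    return sorted(findings)


def scan_file(path, limit=MAX_TOKEN):
    """Scan a .bt or .1sc file from disk, tolerating odd encodings."""
    with open(path, "r", encoding="latin-1") as fh:
        return scan(fh.read(), limit)


# Constructed sample input: harmless text with two oversized fields.
SAMPLE = (
    "struct " + "A" * 300 + " { int x <format=hex>; };\n"
    "local int n = 0x" + "4" * 400 + ";\n"
    'Printf("%d", n);\n'
)

if __name__ == "__main__":
    for line, kind, length in scan(SAMPLE):
        print(f"line {line}: {kind} is {length} characters long")
```

A hit only means the file deserves a closer look; the fix remains updating to the patched version.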

