lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 11 May 2009 12:06:47 +0700
From: Bkis <svrt@...v.com.vn>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability

Microchip MPLAB IDE Buffer Overflow Vulnerability

1. General Information

MPLAB IDE is a famous Integrated Development Environment (IDE) of 
Microchip (www.microchip.com) that provides a single integrated 
environment to develop applications for Microchip microcontrollers and 
digital signal controllers.

In March 2009, Bkis has just detected a vulnerability in this software. 
This vulnerability arises from the way MPLAB IDE processes IDE Project 
files with extension of .mcp. It could lead to a critical buffer 
overflow error that allows hackers to execute malicious code on users’ 
systems. We have submitted to vendor.

Details : http://security.bkis.vn/?p=654
Bkis Advisory : Bkis-08-2009.
Initial vendor notification : 15/03/2009
Release Date : 11/05/2009
Update Date : 11/05/2009
Discovered by : Le Duc Anh, Bkis.
Attack Type : Buffer Overflow.
Security Rating : High.
Impact : Code Execution.
Affected Software : Microchip MPLAB IDE 8.30 (Prior versions may also be 
affected).
PoC : http://security.bkis.vn/wp-content/uploads/2009/05/mplap_ide_poc.zip


2. Technical Description

MCP files are used to store essential information about a MPLAB IDE 
Project (in plain text). The software has not handled the file format 
well enough resulting in a critical security issue. Many fields in this 
file format might create buffer overflow error when set with an overly 
long value such as: [FILE_INFO], [CAT_FILTERS] ….

In order to exploit, a hacker might create a specially crafted .mcp file 
and trick users into using it. If successful, hackers can perform local 
attack, inject viruses, steal sensitive information and even take 
control of the victim’s system.

3. Solution

The vendor hasn’t fixed this vulnerability yet. Therefore, Bkis 
recommends that users be cautious with MPLAB IDE Project source from 
untrustworthy sources until the vendor release the patch.

Bkis (http://security.bkis.vn)

Powered by blists - more mailing lists