Date: Fri, 5 Oct 2012 19:25:32 -0500
From: beford <xbefordx@...il.com>
To: bugs@...uritytracker.com, bugtraq@...urityfocus.com
Subject: Blender 2.63 Exploitable User Mode Write AV

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at
blender!PyInit_aud+0x00000000003a56cc (Hash=0x23420309.0x667c4642)

User mode write access violations that are not near NULL are exploitable.

POC Files
=======
Attachments: http://projects.blender.org/tracker/index.php?func=detail&aid=32653&group_id=9&atid=498

Vendor Acknowledged
=========
http://projects.blender.org/tracker/index.php?func=detail&aid=32653&group_id=9&atid=498

Vendor Response
========
We don't care.

They do not intend to fix this bug or any other security bug. It only
took about 30 minutes to find all of these with a small amount of seed
files (around 10) using FOE2:

