Open Source and information security mailing list archives
 
Date: Sun, 03 Feb 2008 19:36:07 +0000
From: "Elazar Broad" <elazar@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: FaceBook/Aurigma Image/PhotoUploader Buffer Overflow

Who:
FaceBook
http://www.facebook.com

Aurigma
http://www.aurigma.com

What:
FaceBook uses Aurigma's ImageUploader control. This control enables 
users to upload photos to FaceBook.

How:
Please note that this vulnerability is DIFFERENT than the one that 
I previously posted. This also affects the stock Aurigma 
ImageUploader control.

The control is vulnerable to a stack-based buffer overflow in the 
ExtractExif and ExtractIptc properties. See the exploit code for 
buffer offsets. Other properties may be vulnerable as well to a DoS 
and/or code execution.

The following controls are vulnerable; other versions may be 
vulnerable as well:

{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
FaceBook PhotoUploader 4.5.57.0

{6E5E167B-1566-4316-B27F-0DDAB3484CF7}
Aurigma ImageUploader4 4.6.17.0 
Aurigma ImageUploader4 4.5.70.0 
Aurigma ImageUploader4 4.5.126.0

{BA162249-F2C5-4851-8ADC-FC58CB424243} 
Aurigma ImageUploader5 5.0.10.0 

The following controls are NOT vulnerable:

{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
FaceBook PhotoUploader 4.5.57.1

Fix:
FaceBook PhotoUploader: Update to 4.5.57.1
Aurigma: No official fix known. Vendor has been notified

Workaround:
Set the killbit for these controls, see 
http://support.microsoft.com/kb/240797

Exploit:
Code should be posted on milw0rm shortly

Elazar

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
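
The kill-bit workaround from the advisory, as an added example that is not part of the original post: a PowerShell script that reports, and with `-Apply` sets, the kill bit (bit 0x400 of the `Compatibility Flags` value under `ActiveX Compatibility\{CLSID}`, as described in the linked KB article) for the three CLSIDs listed above. It also reports the installed file version, because the advisory lists FaceBook PhotoUploader 4.5.57.1 as not vulnerable under the same CLSID as 4.5.57.0, so setting the kill bit there disables the fixed build as well. The script layout, the `-Apply` switch and the function name are assumptions of this example.

```powershell
# Added example, not from the advisory. Run elevated; reports only unless -Apply is given.
param([switch]$Apply)

$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating the control
$Clsids = @(
    '{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}',   # FaceBook PhotoUploader
    '{6E5E167B-1566-4316-B27F-0DDAB3484CF7}',   # Aurigma ImageUploader4
    '{BA162249-F2C5-4851-8ADC-FC58CB424243}'    # Aurigma ImageUploader5
)
# 32-bit IE on 64-bit Windows uses the Wow6432Node view, so both views are checked.
$Views = @(
    @{ Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
       Classes = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Compat  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
       Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)

function Get-ControlVersion([string]$ClassesRoot, [string]$Clsid) {
    # The default value of InprocServer32 is the path of the control's binary.
    $key = Join-Path $ClassesRoot "$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $dll = [Environment]::ExpandEnvironmentVariables([string](Get-Item -LiteralPath $key).GetValue('')).Trim('"')
    if ($dll -and (Test-Path -LiteralPath $dll)) { return (Get-Item -LiteralPath $dll).VersionInfo.FileVersion }
    return $null
}

foreach ($view in $Views) {
    if (-not (Test-Path -LiteralPath (Split-Path $view.Compat))) { continue }   # view absent
    foreach ($clsid in $Clsids) {
        $key   = Join-Path $view.Compat $clsid
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $flags = [int](Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        }
        $set = ($flags -band $KillBit) -ne 0
        if ($Apply -and -not $set) {
            # Create the key only when missing; existing flag bits are preserved.
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Type DWord -Value ($flags -bor $KillBit)
            $set = $true
        }
        [pscustomobject]@{
            Clsid            = $clsid
            InstalledVersion = Get-ControlVersion $view.Classes $clsid   # $null when not installed
            CompatKey        = $key
            KillBitSet       = $set
        }
    }
}
```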
