Full Disclosure mailing list archives

Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities


From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Wed, 22 Apr 2009 11:31:25 +0200

Bkis <svrt () bkav com vn> wrote:
> Bkis has just found many vulnerabilities in the software, related to the
> processing of 010 Editor Binary Template files (“.bt”) and 010 Editor
> Script Files (“.1sc”). These vulnerabilities are very dangerous due to the
> fact that they allow hackers to execute malicious code on users’ systems.


I think you're confused: these scripts can execute programs, create and
modify files, modify running processes, and so on. Perhaps you're confusing
the concept of "modelines" with editor automation (modelines are hints to
the editor how to display a file, and are untrusted, whereas automating an
editor requires the ability to modify files, create filters and so on to be
useful).

The documentation is online here:

http://www.sweetscape.com/010editor/manual/FuncInterface.htm
http://www.sweetscape.com/010editor/manual/EditingProcesses.htm

Start here:

int Exec( const char program[], const char arguments[] ) 

Executes an external application using the given program and arguments.

> Rating this vulnerability high severity, Bkis recommends that users
> should update their software to the latest version.

This is like saying "A vulnerability has been fixed parsing perl scripts,
upgrade and it's safe to run hostile.pl again". It's obviously not the case.
While what you describe is clearly a bug, it's hard to see any security
impact - users couldn't previously safely execute untrusted scripts, and
after upgrading they still can't.

You may want to read up on modelines, Guninski famously broke vim modelines
in interesting ways several times.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/