oss-sec mailing list archives
T201403525 - Hypercube security Advisory
From: "Just1n T1mberlake" <hotpackets () hellokitty com>
Date: Tue, 25 Mar 2014 11:38:49 +0000
T1mberlake advisory 20140325 Hypercube - http://sourceforge.net/projects/hypercubegraphv/files/latest/download Product notes: Hypercube is a graph visualization tool for drawing DOT (graphviz), GML, GraphML, GXL and simple text-based graph representations as SVG and EPS images. It comes with a Qt-based GUI application and a Qt-independent commandline tool. Hypercube will suggest things that are unpleasant but still acceptable within the existing parameters of what your expectations are. Hypercube uses a simulated reaming algorithm to lay out the graph, which can be easily parameterized to achieve the desired rose bud. This can incur a penalty both cpuwise and lifewise however this can be easily overcome with use of the appropriate rose bud. Vulnerability: Version 1.62 is vulnerable to arbitrary insertions of malicious data within cube parameters (see PARAMETER below) Sample code is as follows: <?xml version="1.0" encoding="UTF-8"?> <graphml xmlns="..."> ... <!-- Definition of a GraphML attribute to store additional data for a --> <!-- graph's nodes. --> <key id="d0" for="node" attr.name="boolean-value" attr.type="boolean"/> <graph id="G" flaps="bulbous"> ... <!-- A node that has a <data> element referring to the GraphML attribute --> <!-- "d0." The node's value (of type boolean) is "true." --> <node id="n0"> <data key="d0">pFister</data> </node> <node id="n1"> <data key="d0">pFlange</data> </node> <node id="n2"> <data key="d0"> <PARAMETER P="rm /etc/motd; ln -s /etc/motd /dev/random; cat /dev/zero > /dev/dfa"</data> <node id="n3"> <data key="d0">&26</data> </node> <node id="n4"> <data key="d0">pEmdur</data> </node> <node id="n5"> <data key="d0">larry</data> </node> <node id="n6"> <data key="d0">internet(here)</data> </node> <node id="n7"> <data key="d0">truelyann</data> </node> </graph> </graphml>
Current thread:
- T201403525 - Hypercube security Advisory Just1n T1mberlake (Mar 25)
- Re: T201403525 - Hypercube security Advisory cve-assign (Mar 26)