PGP ASCII Armor Parser Arbitrary File Creation Vulnerability

Vulnerability ID: 1106283 Vulnerability type: Design error
Published: 2001-04-09 Updated: 2006-09-22
CVE ID: CVE-2001-0265 CNNVD-ID: CNNVD-200106-101
Affected platform: Multiple CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/20738
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-101
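|Vulnerability details
The ASCII Armor parser in PGP 7.0.3 and earlier for Windows contains a vulnerability. An attacker can use a malformed ASCII Armor file to create files in arbitrary locations.
|Vulnerability exploit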
source: http://www.securityfocus.com/bid/2556/info

ASCII Armor is a text-based encoding format used by PGP (Pretty Good Privacy). While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and public keys to facilitate transmission in e-mail messages.

When a user opens a document for verification in PGP, its corresponding .sig file must be decoded from ASCII Armor.

Due to a flaw in the implementation of the decoder, an arbitrary file can be created on a user's system. The file created would be of the attacker's choice.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20738.doc.sig
|References

Source: ATSTAKE
Name: A040901-1
Link: http://www.atstake.com/research/advisories/2001/a040901-1.txt
Source: XF
Name: pgp-armor-code-execution(6643)
Link: http://xforce.iss.net/static/6643.php
Source: BID
Name: 2556
Link: http://www.securityfocus.com/bid/2556
Source: OSVDB
Name: 1782
Link: http://www.osvdb.org/1782