Guidance Software EnCase内存破坏漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189531 漏洞类型 未知
发布时间 2007-08-07 更新时间 2007-08-07
CVE编号 CVE-2007-4194 CNNVD-ID CNNVD-200708-105
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/85489
https://cxsecurity.com/issue/WLB-2007080034
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-105
|漏洞详情
GuidanceSoftwareEnCase5.0版本允许用户协助式的远程攻击者可以借助一个与"EnCase的文件系统分析"相关的畸形文件,造成拒绝服务(栈内存损坏)并可能具有其它未明影响。注意:该信息是基于一个含糊的公告预览。该漏洞可能与CVE-2007-4036重叠。
|漏洞EXP
Breakpoint Security Advisory

Affected Vendor:

Guidance Software

Affected Products:

Encase 5.0 and possibly other version

Background:

With Encase's recent response to the iSec's security report and their ability to both market their product while at the same time minimizing their products issues, Breakpoint Security decided to advise Encase to take their software's assurance a bit more serious.  In the course of 6 hours researchers from Breakpoint Security conducted not so intensive tests of about 10 scenarios utilizing specialized proprietary software like dd, xxd and ultraedit. 
    As a result of this testing regimen, Breakpoint Security was able to identify multiple bugs in Encase.  All the testing done OBVIOUSLY involved intentionally corrupted files. We contend that any issues found in software written for forensic purposes must not fall victim to possibly infected images.  While this problem may simply postpone an investigation, other more critical issues could result in more intrusive actions.

Vulnerability Details:

Vulnerability details will be disclosed at a later date. The vulnerability resides in Encase's file system parsing. The malicious user can force encase into an infinite recursion loop, exhausting the stack.

Credit:

Breakpoint Security Research Team http://www.breakpointsecurity.net/
|受影响的产品
Guidance Software Encase 5.0
|参考资料

来源:XF
名称:encase-file-system-dos(46230)
链接:http://xforce.iss.net/xforce/xfdb/46230
来源:BUGTRAQ
名称:20070727BreakpointSecurity:EncasePre-Advisory
链接:http://www.securityfocus.com/archive/1/archive/1/474811/100/0/threaded
来源:OSVDB
名称:44739
链接:http://osvdb.org/44739
来源:SREASON
名称:2967
链接:http://securityreason.com/securityalert/2967