Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versions <= 0.8.0
Fixed Versions: versions since commit 192ec6f (2016-04-22) [0]
Vulnerability Type: Buffer Overflow
Security Risk: high
Vendor URL: http://ift.tt/19GQpRR
Vendor Status: fixed
Advisory URL: http://ift.tt/1sIvIEp
Advisory Status: published
CVE: GENERIC-MAP-NOMATCH
CVE URL: http://ift.tt/1jQGmEN

Introduction
============

"websockify was formerly named wsproxy and was part of the noVNC project. At the most basic level, websockify just translates WebSockets traffic to normal TCP socket traffic. Websockify accepts the WebSockets handshake, parses it, and then begins forwarding traffic between the client and the target in both directions."

(from the project's readme)

More Details
============

For each new connection, websockify forks and calls the function do_handshake() to receive a client's WebSocket handshake. The following excerpt shows some of the source code responsible for receiving the client's data from the socket file descriptor: