Document Title: =============== HTTrack v3.x - Stack Buffer Overflow Vulnerability References (Source): ==================== http://ift.tt/2qNdS3x Release Date: ============= 2017-05-22 Vulnerability Laboratory ID (VL-ID): ==================================== 2068 Common Vulnerability Scoring System: ==================================== 6.1 Vulnerability Class: ==================== Buffer Overflow Product & Service Introduction: =============================== It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system. WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release. (Copy of the Homepage: http://www.httrack.com/ ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a stack buffer overflow in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). Vulnerability Disclosure Timeline: ================================== 2016-05-12: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2016-05-12: Vendor Notification (HTTrack Security Service Team) 2016-05-13: Vendor Response/Feedback (HTTrack Security Service Team) 2017-05-14: Vendor Fix/Patch (HTTrack Service Team) 2017-05-16: Security Acknowledgements (HTTrack Security Service Team) 2017-05-22: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Xavier Roche Product: HTTrack Website Copier - Software (Linux & Windows) 3.48-22-1 (Fedora 25), v3.48-24 (Debian), v3.49.1 (Windows) & Android App Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). The vulnerability allows to overwrite the registers of the process to gain higher access privileges for compromise of the local computer system. A buffer overflow in the `URI` and `Project Name` processing in `HTTrack` and `WebHTTrack` on version 3.48-22-1 (Fedora 25) and 3.48-24(Debian), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large unicode strings. The vulnerability is a classic unicode stack buffer overflow vulnerability in the software core. The vulnerability can be exploited by local attackers with restricted system user privileges to compromise the software process to gain higher process access privileges. The issue allows to overwrite the basic registers of the process like eip and ebx. The security risk of the stack overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the stack buffer overflow vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the stack overflow vulnerability results in process manipulation or compromise of the affected computer system. Proof of Concept (PoC): ======================= The stack buffer overflow vulnerability can be exploited by local attackers with low privileged system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment