-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Blender .blend Project Arbitrary Command Execution
1. *Advisory Information*
Title: Blender .blend Project Arbitrary Command Execution
Advisory Id: CORE-2009-0912
Advisory URL:
http://www.coresecurity.com/content/blender-scripting-injection
Date published: 2009-11-05
Date of last update: 2009-11-04
Vendors contacted: Blender Foundation
Release mode: User release
2. *Vulnerability Information*
Class: Failure to Sanitize Data into a Different Plane [CWE-74]
Impact: Code execution
Remotely Exploitable: Yes (client side)
Locally Exploitable: No
Bugtraq ID: 36838
CVE Name: CVE-2009-3850
3. *Vulnerability Description*
Blender [2] is a 3D graphics application released as free software. It
can be used for modeling, texturing, rendering, particle, and other
simulations and creating interactive 3D applications, including games.
Blender embeds a Python interpreter to extend its functionality.
Blender .blend project files can be modified to execute arbitrary
commands without user intervention by design. An attacker can take
full control of the machine where Blender is installed by sending a
specially crafted .blend file and enticing the user to open it.
4. *Vulnerable packages*
. Blender 2.49b
. Blender 2.40
. Blender 2.35a
. Blender 2.34
. Older versions are probably affected too, but they were not checked.
5. *Vendor Information, Solutions and Workarounds*
The vendor did not provide fixes or workaround information.
To determine if a .blend file is suspicious you could parse the
content of the file [3], searching for an SDNA [4] of type ScriptLink
[5] with Python code bound to an "onLoad" action.
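One way to implement the check described above, as an added example (it is not part of the original advisory and is not Core's or Blender's code). It walks the file blocks, decodes the DNA1 block to find structures that directly embed a ScriptLink, and follows the saved pointers to the event flags and to the names of the linked datablocks. Assumptions: the OnLoad event value (2), the ScriptLink field names (**scripts, *flag, totscript) and the ID name field are recalled from the Blender 2.4x headers and should be confirmed against [5]; each linked datablock is assumed to start with an ID.

```python
import gzip
import re
import struct

SCRIPT_ONLOAD = 2  # ASSUMED Blender 2.4x value of the OnLoad event; confirm against [5]


def read_blocks(data):
    """Return (pointer size, byte order, [(code, old_addr, sdna_index, count, body)])."""
    if data[:2] == b"\x1f\x8b":               # projects may be saved gzip-compressed
        data = gzip.decompress(data)
    if len(data) < 12 or data[:7] != b"BLENDER":
        raise ValueError("not a .blend file")
    ptr = 8 if data[7:8] == b"-" else 4        # '_' = 32-bit pointers, '-' = 64-bit
    end = "<" if data[8:9] == b"v" else ">"    # 'v' = little endian, 'V' = big endian
    head = struct.Struct(end + "4sI" + ("Q" if ptr == 8 else "I") + "II")
    blocks, off = [], 12
    while off + head.size <= len(data):
        code, size, old, sdna, count = head.unpack_from(data, off)
        if code == b"ENDB":
            break
        off += head.size
        blocks.append((code, old, sdna, count, data[off:off + size]))
        off += size
    return ptr, end, blocks


def parse_dna(body, end, ptr):
    """Decode DNA1 into ({type: size}, [(struct name, {field: (offset, type)})])."""
    pos = 0

    def take(fmt):
        nonlocal pos
        vals = struct.unpack_from(end + fmt, body, pos)
        pos += struct.calcsize(end + fmt)
        return vals

    def section(tag, strings=False):
        nonlocal pos
        pos = (pos + 3) & ~3                   # every section is 4-byte aligned
        if body[pos:pos + 4] != tag:
            raise ValueError("missing SDNA section %r" % tag)
        pos += 4
        out = []
        for _ in range(take("I")[0] if strings else 0):
            stop = body.index(b"\0", pos)      # NUL-terminated string table
            out.append(body[pos:stop].decode("latin-1"))
            pos = stop + 1
        return out

    section(b"SDNA")
    names, types = section(b"NAME", True), section(b"TYPE", True)
    section(b"TLEN")
    sizes = dict(zip(types, take("%dH" % len(types))))
    section(b"STRC")
    structs = []
    for _ in range(take("I")[0]):
        stype, nfields = take("HH")
        fields, off = {}, 0
        for _ in range(nfields):
            ftype, fname = take("HH")
            fields[names[fname]] = (off, types[ftype])
            size = ptr if names[fname].startswith(("*", "(*")) else sizes[types[ftype]]
            for dim in re.findall(r"\[(\d+)\]", names[fname]):
                size *= int(dim)               # arrays: name[24], mat[4][4], ...
            off += size
        structs.append((types[stype], fields))
    return sizes, structs


def find_script_links(data):
    """Return [(owner struct, linked datablock, event, is_onload)] for each script link."""
    ptr, end, blocks = read_blocks(data)
    dna = next((b[4] for b in blocks if b[0] == b"DNA1"), b"")
    sizes, structs = parse_dna(dna, end, ptr)
    lay = dict(structs)
    link = {f: off for f, (off, _) in lay.get("ScriptLink", {}).items()}
    name_at = next((o for f, (o, _) in lay.get("ID", {}).items() if f.startswith("name[")), 0)
    by_addr = {old: body for _, old, _, _, body in blocks}   # resolves saved pointers
    p, hits = ("Q" if ptr == 8 else "I"), []
    # Only ScriptLink members embedded directly in a block's struct are checked.
    for _, _, sdna, count, body in blocks:
        owner, fields = structs[sdna] if sdna < len(structs) else ("", {})
        embedded = [o for f, (o, t) in fields.items() if t == "ScriptLink" and f[:1] != "*"]
        n = min(count, len(body) // max(sizes.get(owner, 0), 1))  # do not trust count alone
        for base in (o + i * sizes[owner] for o in embedded for i in range(n)):
            try:
                total = max(struct.unpack_from(end + "h", body, base + link["totscript"])[0], 0)
                flag_p = struct.unpack_from(end + p, body, base + link["*flag"])[0]
                scripts_p = struct.unpack_from(end + p, body, base + link["**scripts"])[0]
                events = struct.unpack_from(end + "%dh" % total, by_addr.get(flag_p, b""))
                targets = struct.unpack_from(end + p * total, by_addr.get(scripts_p, b""))
            except (struct.error, KeyError):
                continue                       # truncated block or dangling pointer
            for event, target in zip(events, targets):
                name = by_addr.get(target, b"")[name_at:name_at + 64].split(b"\0")[0]
                hits.append((owner, name.decode("latin-1"), event, bool(event & SCRIPT_ONLOAD)))
    return hits
```

Call find_script_links() on the raw bytes of a file; each tuple names the owning struct, the linked datablock (for example "TXmyscript"), the raw event value and whether it matches the assumed OnLoad value. An empty list only means no script links were found in directly embedded ScriptLink members.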
6. *Credits*
This vulnerability was discovered and researched by Diego Juarez and
Sebastian Tello from Core Security Technologies during Bugweek 2009 [1].
The publication of this advisory was coordinated by Fernando Russ from
Core Security Advisories Team.
7. *Technical Description / Proof of Concept Code*
Blender [2] .blend project files can be modified to execute arbitrary
commands without user intervention by design. An attacker can take
full control of the machine where Blender is installed by sending a
specially crafted .blend file and enticing the user to open it.
These are the steps to reproduce the issue:
. Open the "Text Editor" Panel.
. Right click on the canvas and select "New".
. Write your Python code there. For instance:
/-----
import os
os.system("calc.exe")
-----/
. In the text name field (TX:Text.001) input a name for your
script, e.g.: TX:myscript.
. Open the "Buttons Window" panel.
. From the "panel" dropdown choose "Script".
. Check that "enable script links" is active.
. Click on "new".
. Select the script you created (e.g. myscript).
. Choose "OnLoad" from the event dropdown list.
. In the "User Preferences" panel, select File->Save, and save your
project.
8. *Report Timeline*
. 2009-10-19:
Core Security Technologies notifies the Blender Foundation of the
vulnerability and announces its initial plan to publish this advisory
on October 30th, 2009.
. 2009-10-20:
The Blender foundation answers that "We are a free software project,
all issues are openly discussed. Just post the discoveries you made
for everyone to look at."
. 2009-10-27:
Core sends a draft advisory to the Blender Foundation for this flaw.
Core also reminds the vendor of its intention to publish the content on
October 30th, 2009.
. 2009-10-27:
BID 36838 was assigned to this issue.
. 2009-11-03:
CVE 2009-3850 was assigned to this issue.
. 2009-11-03:
The Blender Foundation didn't acknowledge or answer our communications
anymore.
. 2009-11-05:
The advisory CORE-2009-0912 is published.
9. *References*
[1] The author participated in Core Bugweek 2009 as member of the team
"Gimbal Lock N Load".
[2] http://www.blender.org/
[3] http://www.atmind.nl/blender/mystery_ot_blend.html
[4] http://www.atmind.nl/blender/blender-sdna.html
[5] http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink
10. *About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.
11. *About Core Security Technologies*
Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at http://www.coresecurity.com.
12. *Disclaimer*
The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.
13. *PGP/GPG Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrzB5QACgkQyNibggitWa3zbwCfYhTo5o2x1lggJ2dZjAx1uQyp
YEkAoKjU9/gtdrUV7zHGFo6H9GJUyW7W
=FxMs
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
2009-11-03:\r\nCVE 2009-3850 was assigned to this issue\r\n\r\n. 2009-11-03:\r\nThe Blender Foundation didn't acknowledge or answer our comunications\r\nanymore.\r\n\r\n. 2009-11-05:\r\nThe advisory CORE-2009-0912 is published.\r\n\r\n\r\n\r\n9. *References*\r\n\r\n[1] The author participated in Core Bugweek 2009 as member of the team\r\n"Gimbal Lock N Load".\r\n[2] http://www.blender.org/\r\n[3] http://www.atmind.nl/blender/mystery_ot_blend.html\r\n[4] http://www.atmind.nl/blender/blender-sdna.html\r\n[5] http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink\r\n\r\n\r\n10. *About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is\r\ncharged with anticipating the future needs and requirements for\r\ninformation security technologies. We conduct our research in several\r\nimportant areas of computer security including system vulnerabilities,\r\ncyber attack planning and simulation, source code auditing, and\r\ncryptography. Our results include problem formalization,\r\nidentification of vulnerabilities, novel solutions and prototypes for\r\nnew technologies. CoreLabs regularly publishes security advisories,\r\ntechnical papers, project information and shared software tools for\r\npublic use at: http://www.coresecurity.com/corelabs.\r\n\r\n\r\n11. *About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company's flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources\r\nare exposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. 
Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and\r\nsoftware security auditing. Based in Boston, MA and Buenos Aires,\r\nArgentina, Core Security Technologies can be reached at 617-399-6980\r\nor on the Web at http://www.coresecurity.com.\r\n\r\n\r\n12. *Disclaimer*\r\n\r\nThe contents of this advisory are copyright (c) 2009 Core Security\r\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper\r\ncredit is given.\r\n\r\n\r\n13. *PGP/GPG Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.12 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n \r\niEYEARECAAYFAkrzB5QACgkQyNibggitWa3zbwCfYhTo5o2x1lggJ2dZjAx1uQyp\r\nYEkAoKjU9/gtdrUV7zHGFo6H9GJUyW7W\r\n=FxMs\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-17991", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:37:47", "description": "No description provided by source.", "published": "2009-11-05T00:00:00", "title": "Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3850"], "modified": "2009-11-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-14465", "id": "SSV:14465", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n \r\n Core Security 
Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs/\r\n\r\nBlender .blend Project Arbitrary Command Execution\r\n\r\n\r\n\r\n1. *Advisory Information*\r\n\r\nTitle: Blender .blend Project Arbitrary Command Execution\r\nAdvisory Id: CORE-2009-0912\r\nAdvisory URL:\r\nhttp://www.coresecurity.com/content/blender-scripting-injection\r\nDate published: 2009-11-05\r\nDate of last update: 2009-11-04\r\nVendors contacted: Blender Foundation\r\nRelease mode: User release\r\n\r\n\r\n\r\n2. *Vulnerability Information*\r\n\r\nClass: Failure to Sanitize Data into a Different Plane [CWE-74]\r\nImpact: Code execution\r\nRemotely Exploitable: Yes (client side)\r\nLocally Exploitable: No\r\nBugtraq ID: 36838\r\nCVE Name: CVE-2009-3850\r\n\r\n\r\n\r\n3. *Vulnerability Description*\r\n\r\nBlender [2] is a 3D graphics application released as free software. It\r\ncan be used for modeling, texturing, rendering, particle, and other\r\nsimulations and creating interactive 3D applications, including games.\r\n\r\nBlender embeds a python interpreter to extend its functionality.\r\nBlender .blend project files can be modified to execute arbitrary\r\ncommands without user intervention by design. An attacker can take\r\nfull control of the machine where Blender is installed by sending a\r\nspecially crafted .blend file and enticing the user to open it.\r\n\r\n\r\n4. *Vulnerable packages*\r\n\r\n . Blender 2.49b\r\n . Blender 2.40\r\n . Blender 2.35a\r\n . Blender 2.34\r\n . Older versions are probably affected too, but they were not checked.\r\n\r\n\r\n5. *Vendor Information, Solutions and Workarounds*\r\n\r\nThe vendor did not provide fixes or workaround information.\r\n\r\nTo determine if a .blend file is suspicious you could parse the\r\ncontent of the file [3] searching for a SDNA [4] of type ScriptLink\r\n[5] with python code bound to an "onLoad" action.\r\n\r\n\r\n6. 
*Credits*\r\n\r\nThis vulnerability was discovered and researched by Diego Juarez and\r\nSebastian Tello from Core Security Technologies during Bugweek 2009 [1].\r\n\r\nThe publication of this advisory was coordinated by Fernando Russ from\r\nCore Security Advisories Team.\r\n\r\n\r\n7. *Technical Description / Proof of Concept Code*\r\n\r\nBlender [2] .blend project files can be modified to execute arbitrary\r\ncommands without user intervention by design. An attacker can take\r\nfull control of the machine where Blender is installed sending a\r\nspecially crafted .blend file and enticing the user to open it.\r\n\r\nThese are the steps to reproduce the issue:\r\n\r\n . Open the "Text Editor" Panel.\r\n . Right click on the canvas and select "New".\r\n . Write your python code there. For instance:\r\n\r\n/-----\r\n import os\r\n os.system("calc.exe")\r\n- -----/\r\n\r\n . In the text name field (TX:Text.001) input a name for your\r\nscript, e.g.: TX:myscript.\r\n . Open the "Buttons Window" panel.\r\n . From the "panel" dropdown choose "Script".\r\n . Check that "enable script links" is active.\r\n . Click on "new".\r\n . Select the script you created (e.g. myscript).\r\n . Choose "OnLoad" from the event dropdown list.\r\n . In the "User Preferences" panel, select File->Save, and save your\r\nproject.\r\n\r\n\r\n8. *Report Timeline*\r\n\r\n. 2009-10-19:\r\nCore Security Technologies notifies to the Blender foundation of the\r\nvulnerabilty and announces its initial plan to publish this advisory\r\non October 30th, 2009.\r\n\r\n. 2009-10-20:\r\nThe Blender foundation answers that "We are a free software project,\r\nall issues are openly discussed. Just post the discoveries you made\r\nfor everyone to look at."\r\n\r\n. 2009-10-27:\r\nCore sends a draft advisory to the Blender Foundation for this flaw.\r\nCore also reminds the vendor its intention to publish the content on\r\nOctober 30th, 2009.\r\n\r\n. 2009-10-27:\r\nBID 36838 was assigned to this issue\r\n\r\n. 
2009-11-03:\r\nCVE 2009-3850 was assigned to this issue\r\n\r\n. 2009-11-03:\r\nThe Blender Foundation didn't acknowledge or answer our comunications\r\nanymore.\r\n\r\n. 2009-11-05:\r\nThe advisory CORE-2009-0912 is published.\r\n\r\n\r\n\r\n9. *References*\r\n\r\n[1] The author participated in Core Bugweek 2009 as member of the team\r\n"Gimbal Lock N Load".\r\n[2] http://www.blender.org/\r\n[3] http://www.atmind.nl/blender/mystery_ot_blend.html\r\n[4] http://www.atmind.nl/blender/blender-sdna.html\r\n[5] http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink\r\n\r\n\r\n10. *About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is\r\ncharged with anticipating the future needs and requirements for\r\ninformation security technologies. We conduct our research in several\r\nimportant areas of computer security including system vulnerabilities,\r\ncyber attack planning and simulation, source code auditing, and\r\ncryptography. Our results include problem formalization,\r\nidentification of vulnerabilities, novel solutions and prototypes for\r\nnew technologies. CoreLabs regularly publishes security advisories,\r\ntechnical papers, project information and shared software tools for\r\npublic use at: http://www.coresecurity.com/corelabs.\r\n\r\n\r\n11. *About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company's flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources\r\nare exposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. 
Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and\r\nsoftware security auditing. Based in Boston, MA and Buenos Aires,\r\nArgentina, Core Security Technologies can be reached at 617-399-6980\r\nor on the Web at http://www.coresecurity.com.\r\n\r\n\r\n12. *Disclaimer*\r\n\r\nThe contents of this advisory are copyright (c) 2009 Core Security\r\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper\r\ncredit is given.\r\n\r\n\r\n13. *PGP/GPG Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.12 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n \r\niEYEARECAAYFAkrzB5QACgkQyNibggitWa3zbwCfYhTo5o2x1lggJ2dZjAx1uQyp\r\nYEkAoKjU9/gtdrUV7zHGFo6H9GJUyW7W\r\n=FxMs\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-14465"}], "openvas": [{"lastseen": "2017-07-02T21:13:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "This host is installed with blender and is prone to Remote\nCommand Execution Vulnerability.", "modified": "2017-03-21T00:00:00", "published": "2009-11-20T00:00:00", "id": "OPENVAS:900252", "href": "http://plugins.openvas.org/nasl.php?oid=900252", "type": "openvas", "title": "Blender .blend File Command Execution Vulnerability", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_blender_cmd_exec_lin.nasl 5660 2017-03-21 11:29:28Z cfi $\n#\n# Blender .blend File Command Execution Vulnerability\n#\n# Authors:\n# Maneesh KB <kmaneesh@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary\ncommands by sending a specially crafted .blend file that contains Python\nstatements in the onLoad action of a ScriptLink SDNA.\n\nImpact Level: Application\";\n\ntag_affected = \"Blender 2.49b, 2.40, 2.35a, 2.34 and prior.\";\n\ntag_insight = \"This flaw is generated because Blender allows .blend project\nfiles to be modified to execute arbitrary commands without user intervention\nby design.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. 
Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is installed with blender and is prone to Remote\nCommand Execution Vulnerability.\";\n\nif(description)\n{\n script_id(900252);\n script_version(\"$Revision: 5660 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-21 12:29:28 +0100 (Tue, 21 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-20 06:52:52 +0100 (Fri, 20 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3850\");\n script_bugtraq_id(36838);\n script_name(\"Blender .blend File Command Execution Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.coresecurity.com/content/blender-scripting-injection\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_blender_detect_lin.nasl\");\n script_require_keys(\"Blender/Lin/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nblendVer = get_kb_item(\"Blender/Lin/Ver\");\nif(!blendVer){\n exit(0);\n}\n\n#Check if version is equal to 2.49b(2.49.2), 2.40, 2.35a(2.35.1), 2.34 or prior\nif(version_is_equal(version:blendVer, test_version:\"2.49.2\")||\n version_is_equal(version:blendVer, test_version:\"2.40\") ||\n version_is_equal(version:blendVer, test_version:\"2.35.1\")||\n 
version_is_less_equal(version:blendVer, test_version:\"2.34\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "Check for the Version of blender", "modified": "2017-07-10T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:863346", "href": "http://plugins.openvas.org/nasl.php?oid=863346", "type": "openvas", "title": "Fedora Update for blender FEDORA-2011-8474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blender FEDORA-2011-8474\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Blender is the essential software solution you need for 3D, from modeling,\n animation, rendering and post-production to interactive creation and playback.\n\n Professionals and novices can easily and inexpensively publish stand-alone,\n secure, multi-platform content to the web, CD-ROMs, and other media.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"blender on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062641.html\");\n script_id(863346);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-8474\");\n script_cve_id(\"CVE-2009-3850\");\n script_name(\"Fedora Update for blender FEDORA-2011-8474\");\n\n script_summary(\"Check for the Version of blender\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:1361412562310863346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863346", "type": "openvas", "title": "Fedora Update for blender FEDORA-2011-8474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blender FEDORA-2011-8474\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062641.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863346\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-8474\");\n script_cve_id(\"CVE-2009-3850\");\n script_name(\"Fedora Update for blender FEDORA-2011-8474\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'blender'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"blender on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:1361412562310863355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863355", "type": "openvas", "title": "Fedora Update for blender FEDORA-2011-8424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blender FEDORA-2011-8424\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062616.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863355\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-8424\");\n script_cve_id(\"CVE-2009-3850\");\n script_name(\"Fedora Update for blender FEDORA-2011-8424\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'blender'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"blender on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~16.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "Check for the Version of blender", "modified": "2017-07-10T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:863355", "href": "http://plugins.openvas.org/nasl.php?oid=863355", "type": "openvas", "title": "Fedora Update for blender FEDORA-2011-8424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for blender FEDORA-2011-8424\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Blender is the essential software solution you need for 3D, from modeling,\n animation, rendering and post-production to interactive creation and playback.\n\n Professionals and novices can easily and inexpensively publish stand-alone,\n secure, multi-platform content to the web, CD-ROMs, and other media.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"blender on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062616.html\");\n script_id(863355);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-8424\");\n script_cve_id(\"CVE-2009-3850\");\n script_name(\"Fedora Update for blender FEDORA-2011-8424\");\n\n script_summary(\"Check for the Version of blender\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~16.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "description": "This host is installed with blender and is prone to Remote\nCommand Execution Vulnerability.", "modified": "2018-09-22T00:00:00", "published": "2009-11-20T00:00:00", "id": "OPENVAS:1361412562310900252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900252", "type": "openvas", "title": "Blender .blend File Command Execution Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_blender_cmd_exec_lin.nasl 11554 2018-09-22 15:11:42Z cfischer $\n#\n# Blender .blend File Command Execution Vulnerability\n#\n# Authors:\n# Maneesh KB <kmaneesh@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900252\");\n script_version(\"$Revision: 11554 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 17:11:42 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-20 06:52:52 +0100 (Fri, 20 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3850\");\n script_bugtraq_id(36838);\n script_name(\"Blender .blend File Command Execution Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.coresecurity.com/content/blender-scripting-injection\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_blender_detect_lin.nasl\");\n script_mandatory_keys(\"Blender/Lin/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary\ncommands by sending a specially crafted .blend file that contains Python\nstatements in the onLoad action of a ScriptLink SDNA.\");\n script_tag(name:\"affected\", value:\"Blender 2.49b, 2.40, 2.35a, 2.34 and prior.\");\n script_tag(name:\"insight\", value:\"This flaw is generated because Blender allows .blend project\nfiles to be modified to execute arbitrary commands without user intervention\nby design.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"This host is installed with blender and is prone to Remote\nCommand Execution Vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nblendVer = get_kb_item(\"Blender/Lin/Ver\");\nif(!blendVer){\n exit(0);\n}\n\nif(version_is_equal(version:blendVer, test_version:\"2.49.2\")||\n version_is_equal(version:blendVer, test_version:\"2.40\") ||\n version_is_equal(version:blendVer, test_version:\"2.35.1\")||\n version_is_less_equal(version:blendVer, test_version:\"2.34\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850", "CVE-2008-1102", "CVE-2008-1103"], "description": "Gentoo Linux Local Security Checks GLSA 201311-07", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121066", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201311-07", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program 
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121066\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:17 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-07\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifier referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-07\");\n script_cve_id(\"CVE-2008-1102\", \"CVE-2008-1103\", \"CVE-2009-3850\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = 
\"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-gfx/blender\", unaffected: make_list(\"ge 2.49b-r2\"), vulnerable: make_list(\"lt 2.49b-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:09:44", "description": "Fix CVS-2009-3850. This issue allow the execution of embedded python\ncode in .blend files\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-07-13T00:00:00", "title": "Fedora 14 : blender-2.49b-14.fc14 (2011-8474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "modified": "2011-07-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:blender", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8474.NASL", "href": "https://www.tenable.com/plugins/nessus/55580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8474.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55580);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3850\");\n script_xref(name:\"FEDORA\", value:\"2011-8474\");\n\n script_name(english:\"Fedora 14 : blender-2.49b-14.fc14 (2011-8474)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Fix CVS-2009-3850. This issue allow the execution of embedded python\ncode in .blend files\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533395\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062641.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91f044a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"blender-2.49b-14.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"blender\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:44", "description": "Fix CVE-2009-3850. An issue which allows executing embedded python\ncode in .blend files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-07-13T00:00:00", "title": "Fedora 15 : blender-2.49b-16.fc15 (2011-8424)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850"], "modified": "2011-07-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:blender", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8424.NASL", "href": "https://www.tenable.com/plugins/nessus/55579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8424.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55579);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3850\");\n script_xref(name:\"FEDORA\", value:\"2011-8424\");\n\n script_name(english:\"Fedora 15 : blender-2.49b-16.fc15 (2011-8424)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2009-3850. An issue which allows executing embedded python\ncode in .blend files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533395\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062616.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d260453b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver 
= eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"blender-2.49b-16.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"blender\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:17", "description": "The remote host is affected by the vulnerability described in GLSA-201311-07\n(Blender: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Blender. 
Please review\n the CVE identifier referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2013-11-13T00:00:00", "title": "GLSA-201311-07 : Blender: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3850", "CVE-2008-1102", "CVE-2008-1103"], "modified": "2013-11-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:blender", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201311-07.NASL", "href": "https://www.tenable.com/plugins/nessus/70867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70867);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1102\", \"CVE-2008-1103\", \"CVE-2009-3850\");\n script_bugtraq_id(28870, 28936, 36838);\n script_xref(name:\"GLSA\", value:\"201311-07\");\n\n script_name(english:\"GLSA-201311-07 : Blender: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-07\n(Blender: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Blender. Please review\n the CVE identifier referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Blender users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/blender-2.49b-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(59, 94, 
119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/blender\", unaffected:make_list(\"ge 2.49b-r2\"), vulnerable:make_list(\"lt 2.49b-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Blender\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3850"], "description": ".blend files may contain python code with automatic execution.", "edition": 1, "modified": "2009-11-08T00:00:00", "published": "2009-11-08T00:00:00", "id": "SECURITYVULNS:VULN:10381", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:10381", "title": "Code execution with blender files", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3850"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n \r\n Core Security Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs/\r\n\r\nBlender .blend Project Arbitrary Command Execution\r\n\r\n\r\n\r\n1. *Advisory Information*\r\n\r\nTitle: Blender .blend Project Arbitrary Command Execution\r\nAdvisory Id: CORE-2009-0912\r\nAdvisory URL:\r\nhttp://www.coresecurity.com/content/blender-scripting-injection\r\nDate published: 2009-11-05\r\nDate of last update: 2009-11-04\r\nVendors contacted: Blender Foundation\r\nRelease mode: User release\r\n\r\n\r\n\r\n2. *Vulnerability Information*\r\n\r\nClass: Failure to Sanitize Data into a Different Plane [CWE-74]\r\nImpact: Code execution\r\nRemotely Exploitable: Yes (client side)\r\nLocally Exploitable: No\r\nBugtraq ID: 36838\r\nCVE Name: CVE-2009-3850\r\n\r\n\r\n\r\n3. *Vulnerability Description*\r\n\r\nBlender [2] is a 3D graphics application released as free software. It\r\ncan be used for modeling, texturing, rendering, particle, and other\r\nsimulations and creating interactive 3D applications, including games.\r\n\r\nBlender embeds a python interpreter to extend its functionality.\r\nBlender .blend project files can be modified to execute arbitrary\r\ncommands without user intervention by design. An attacker can take\r\nfull control of the machine where Blender is installed by sending a\r\nspecially crafted .blend file and enticing the user to open it.\r\n\r\n\r\n4. *Vulnerable packages*\r\n\r\n . Blender 2.49b\r\n . Blender 2.40\r\n . Blender 2.35a\r\n . Blender 2.34\r\n . Older versions are probably affected too, but they were not checked.\r\n\r\n\r\n5. 
*Vendor Information, Solutions and Workarounds*\r\n\r\nThe vendor did not provide fixes or workaround information.\r\n\r\nTo determine if a .blend file is suspicious you could parse the\r\ncontent of the file [3] searching for a SDNA [4] of type ScriptLink\r\n[5] with python code bound to an "onLoad" action.\r\n\r\n\r\n6. *Credits*\r\n\r\nThis vulnerability was discovered and researched by Diego Juarez and\r\nSebastian Tello from Core Security Technologies during Bugweek 2009 [1].\r\n\r\nThe publication of this advisory was coordinated by Fernando Russ from\r\nCore Security Advisories Team.\r\n\r\n\r\n7. *Technical Description / Proof of Concept Code*\r\n\r\nBlender [2] .blend project files can be modified to execute arbitrary\r\ncommands without user intervention by design. An attacker can take\r\nfull control of the machine where Blender is installed sending a\r\nspecially crafted .blend file and enticing the user to open it.\r\n\r\nThese are the steps to reproduce the issue:\r\n\r\n . Open the "Text Editor" Panel.\r\n . Right click on the canvas and select "New".\r\n . Write your python code there. For instance:\r\n\r\n/-----\r\n import os\r\n os.system("calc.exe")\r\n- -----/\r\n\r\n . In the text name field (TX:Text.001) input a name for your\r\nscript, e.g.: TX:myscript.\r\n . Open the "Buttons Window" panel.\r\n . From the "panel" dropdown choose "Script".\r\n . Check that "enable script links" is active.\r\n . Click on "new".\r\n . Select the script you created (e.g. myscript).\r\n . Choose "OnLoad" from the event dropdown list.\r\n . In the "User Preferences" panel, select File->Save, and save your\r\nproject.\r\n\r\n\r\n8. *Report Timeline*\r\n\r\n. 2009-10-19:\r\nCore Security Technologies notifies to the Blender foundation of the\r\nvulnerabilty and announces its initial plan to publish this advisory\r\non October 30th, 2009.\r\n\r\n. 2009-10-20:\r\nThe Blender foundation answers that "We are a free software project,\r\nall issues are openly discussed. 
Just post the discoveries you made\r\nfor everyone to look at."\r\n\r\n. 2009-10-27:\r\nCore sends a draft advisory to the Blender Foundation for this flaw.\r\nCore also reminds the vendor its intention to publish the content on\r\nOctober 30th, 2009.\r\n\r\n. 2009-10-27:\r\nBID 36838 was assigned to this issue\r\n\r\n. 2009-11-03:\r\nCVE 2009-3850 was assigned to this issue\r\n\r\n. 2009-11-03:\r\nThe Blender Foundation didn't acknowledge or answer our comunications\r\nanymore.\r\n\r\n. 2009-11-05:\r\nThe advisory CORE-2009-0912 is published.\r\n\r\n\r\n\r\n9. *References*\r\n\r\n[1] The author participated in Core Bugweek 2009 as member of the team\r\n"Gimbal Lock N Load".\r\n[2] http://www.blender.org/\r\n[3] http://www.atmind.nl/blender/mystery_ot_blend.html\r\n[4] http://www.atmind.nl/blender/blender-sdna.html\r\n[5] http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink\r\n\r\n\r\n10. *About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is\r\ncharged with anticipating the future needs and requirements for\r\ninformation security technologies. We conduct our research in several\r\nimportant areas of computer security including system vulnerabilities,\r\ncyber attack planning and simulation, source code auditing, and\r\ncryptography. Our results include problem formalization,\r\nidentification of vulnerabilities, novel solutions and prototypes for\r\nnew technologies. CoreLabs regularly publishes security advisories,\r\ntechnical papers, project information and shared software tools for\r\npublic use at: http://www.coresecurity.com/corelabs.\r\n\r\n\r\n11. *About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company's flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. 
CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources\r\nare exposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and\r\nsoftware security auditing. Based in Boston, MA and Buenos Aires,\r\nArgentina, Core Security Technologies can be reached at 617-399-6980\r\nor on the Web at http://www.coresecurity.com.\r\n\r\n\r\n12. *Disclaimer*\r\n\r\nThe contents of this advisory are copyright (c) 2009 Core Security\r\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper\r\ncredit is given.\r\n\r\n\r\n13. *PGP/GPG Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.12 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n \r\niEYEARECAAYFAkrzB5QACgkQyNibggitWa3zbwCfYhTo5o2x1lggJ2dZjAx1uQyp\r\nYEkAoKjU9/gtdrUV7zHGFo6H9GJUyW7W\r\n=FxMs\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-11-08T00:00:00", "published": "2009-11-08T00:00:00", "id": "SECURITYVULNS:DOC:22753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22753", "title": "CORE-2009-0912: Blender .blend Project Arbitrary Command Execution", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:06", "description": "\nBlender 2.342.35a2.42.49b - .blend Command Injection", "edition": 1, "published": "2009-11-05T00:00:00", "title": "Blender 2.342.35a2.42.49b - .blend Command 
Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3850"], "modified": "2009-11-05T00:00:00", "id": "EXPLOITPACK:3752ACBE30E2F304276D1FB783FFAE83", "href": "", "sourceData": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n \n Core Security Technologies - CoreLabs Advisory\n http://www.coresecurity.com/corelabs/\n\nBlender .blend Project Arbitrary Command Execution\n\n\n\n1. *Advisory Information*\n\nTitle: Blender .blend Project Arbitrary Command Execution\nAdvisory Id: CORE-2009-0912\nAdvisory URL:\nhttp://www.coresecurity.com/content/blender-scripting-injection\nDate published: 2009-11-05\nDate of last update: 2009-11-04\nVendors contacted: Blender Foundation\nRelease mode: User release\n\n\n\n2. *Vulnerability Information*\n\nClass: Failure to Sanitize Data into a Different Plane [CWE-74]\nImpact: Code execution\nRemotely Exploitable: Yes (client side)\nLocally Exploitable: No\nBugtraq ID: 36838\nCVE Name: CVE-2009-3850\n\n\n\n3. *Vulnerability Description*\n\nBlender [2] is a 3D graphics application released as free software. It\ncan be used for modeling, texturing, rendering, particle, and other\nsimulations and creating interactive 3D applications, including games.\n\nBlender embeds a python interpreter to extend its functionality.\nBlender .blend project files can be modified to execute arbitrary\ncommands without user intervention by design. An attacker can take\nfull control of the machine where Blender is installed by sending a\nspecially crafted .blend file and enticing the user to open it.\n\n\n4. *Vulnerable packages*\n\n . Blender 2.49b\n . Blender 2.40\n . Blender 2.35a\n . Blender 2.34\n . Older versions are probably affected too, but they were not checked.\n\n\n5. 
*Vendor Information, Solutions and Workarounds*\n\nThe vendor did not provide fixes or workaround information.\n\nTo determine if a .blend file is suspicious you could parse the\ncontent of the file [3] searching for a SDNA [4] of type ScriptLink\n[5] with python code bound to an \"onLoad\" action.\n\n\n6. *Credits*\n\nThis vulnerability was discovered and researched by Diego Juarez and\nSebastian Tello from Core Security Technologies during Bugweek 2009 [1].\n\nThe publication of this advisory was coordinated by Fernando Russ from\nCore Security Advisories Team.\n\n\n7. *Technical Description / Proof of Concept Code*\n\nBlender [2] .blend project files can be modified to execute arbitrary\ncommands without user intervention by design. An attacker can take\nfull control of the machine where Blender is installed by sending a\nspecially crafted .blend file and enticing the user to open it.\n\nThese are the steps to reproduce the issue:\n\n . Open the \"Text Editor\" Panel.\n . Right click on the canvas and select \"New\".\n . Write your python code there. For instance:\n\n/-----\n import os\n os.system(\"calc.exe\")\n- -----/\n\n . In the text name field (TX:Text.001) input a name for your\nscript, e.g.: TX:myscript.\n . Open the \"Buttons Window\" panel.\n . From the \"panel\" dropdown choose \"Script\".\n . Check that \"enable script links\" is active.\n . Click on \"new\".\n . Select the script you created (e.g. myscript).\n . Choose \"OnLoad\" from the event dropdown list.\n . In the \"User Preferences\" panel, select File->Save, and save your\nproject.\n\n\n8. *Report Timeline*\n\n. 2009-10-19:\nCore Security Technologies notifies the Blender foundation of the\nvulnerability and announces its initial plan to publish this advisory\non October 30th, 2009.\n\n. 2009-10-20:\nThe Blender foundation answers that \"We are a free software project,\nall issues are openly discussed. Just post the discoveries you made\nfor everyone to look at.\"\n\n. 
2009-10-27:\nCore sends a draft advisory to the Blender Foundation for this flaw.\nCore also reminds the vendor of its intention to publish the content on\nOctober 30th, 2009.\n\n. 2009-10-27:\nBID 36838 was assigned to this issue\n\n. 2009-11-03:\nCVE 2009-3850 was assigned to this issue\n\n. 2009-11-03:\nThe Blender Foundation didn't acknowledge or answer our communications\nanymore.\n\n. 2009-11-05:\nThe advisory CORE-2009-0912 is published.\n\n\n\n9. *References*\n\n[1] The author participated in Core Bugweek 2009 as member of the team\n\"Gimbal Lock N Load\".\n[2] http://www.blender.org/\n[3] http://www.atmind.nl/blender/mystery_ot_blend.html\n[4] http://www.atmind.nl/blender/blender-sdna.html\n[5] http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink\n\n\n10. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is\ncharged with anticipating the future needs and requirements for\ninformation security technologies. We conduct our research in several\nimportant areas of computer security including system vulnerabilities,\ncyber attack planning and simulation, source code auditing, and\ncryptography. Our results include problem formalization,\nidentification of vulnerabilities, novel solutions and prototypes for\nnew technologies. CoreLabs regularly publishes security advisories,\ntechnical papers, project information and shared software tools for\npublic use at: http://www.coresecurity.com/corelabs.\n\n\n11. *About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company's flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources\nare exposed. 
It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and\nsoftware security auditing. Based in Boston, MA and Buenos Aires,\nArgentina, Core Security Technologies can be reached at 617-399-6980\nor on the Web at http://www.coresecurity.com.\n\n\n12. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2009 Core Security\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper\ncredit is given.\n\n\n13. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.12 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n \niEYEARECAAYFAkrzB5QACgkQyNibggitWa3zbwCfYhTo5o2x1lggJ2dZjAx1uQyp\nYEkAoKjU9/gtdrUV7zHGFo6H9GJUyW7W\n=FxMs\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it.\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3850"], "description": "Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playback. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other media. 
", "modified": "2011-07-12T21:57:24", "published": "2011-07-12T21:57:24", "id": "FEDORA:9B87C10F85E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: blender-2.49b-16.fc15", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3850"], "description": "Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playback. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other media. ", "modified": "2011-07-12T22:02:57", "published": "2011-07-12T22:02:57", "id": "FEDORA:6B164110C3F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: blender-2.49b-14.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3850", "CVE-2008-1102", "CVE-2008-1103"], "edition": 1, "description": "### Background\n\nBlender is a 3D Creation/Animation/Publishing System.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Blender. Please review the CVE identifier referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Blender users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/blender-2.49b-r2\"", "modified": "2013-11-13T00:00:00", "published": "2013-11-13T00:00:00", "id": "GLSA-201311-07", "href": "https://security.gentoo.org/glsa/201311-07", "type": "gentoo", "title": "Blender: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}