Blender Command Line Filename Overflow

2005-09-29T19:35:39
ID OSVDB:19726
Type osvdb
Reporter Qnix(qnix@bsdmail.org)
Modified 2005-09-29T19:35:39

Description

Vulnerability Description

A local overflow exists in Blender. The 'blenderplayer' command line fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted filename, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in Blender. The 'blenderplayer' command line fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted filename, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.blender3d.org/ Secunia Advisory ID:17013 Generic Exploit URL: http://www.securiteam.com/exploits/5BP0T2KGVA.html CVE-2005-3151 Bugtraq ID: 14983