GNU Barcode 0.99 Buffer Overflow

2018-05-29T00:00:00
ID ZSL-2018-5470
Type zeroscience
Reporter Gjoko Krstic
Modified 2018-05-29T00:00:00

Description

Title: GNU Barcode 0.99 Buffer Overflow
Advisory ID: ZSL-2018-5470
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 29.05.2018

Summary

GNU Barcode is a tool to convert text strings to printed bars. It supports a variety of standard codes to represent the textual strings and creates postscript output.

Description

The vulnerability is caused by a boundary error in the processing of an input file. It can be exploited to cause a buffer overflow when a user processes, for example, a specially crafted file. Successful exploitation could allow execution of arbitrary code on the affected machine.

Vendor

The GNU Project - <https://www.gnu.org/software/barcode/>
Free Software Foundation, Inc. - <https://directory.fsf.org/wiki/Barcode>

Affected Version

0.99

Tested On

Ubuntu 16.04.4

Vendor Status

[09.12.2017] Vulnerability discovered.
[14.05.2018] Vendor contacted.
[28.05.2018] No response from the vendor.
[29.05.2018] Public security advisory released.

PoC

gnubarcode_bof.txt
gnubarcode_crashes.tar

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <https://www.exploit-db.com/exploits/44797/>
[2] <https://cxsecurity.com/issue/WLB-2018050302>
[3] <https://packetstormsecurity.com/files/147979>
[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/144093>

Changelog

[29.05.2018] - Initial release
[13.06.2018] - Added references [2], [3] and [4]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        