
HOCR Local Buffer Overflows
Sunday, 04 September 2005
Summary
"HOCR is a Hebrew character recognition c/c++ library". Lack of length validation on command-line arguments allows local attackers to overflow fixed-size stack buffers in the hocr command-line program and execute arbitrary code.

Credit:
The information has been provided by Ido Kanner.

Details
Vulnerable Systems:
* HOCR Revision 112


Immune Systems:
* HOCR Revision 124

The hocr program demonstrates how the HOCR library can be used and takes its input and output file names and output format from command-line parameters. The buffers that receive these parameters are fixed at 255 bytes, but the user-supplied input is never checked for length before it is copied into them with strcpy(). A local user can therefore overflow the stack buffers and cause the program to execute arbitrary code. Since hocr is an ordinary command-line tool, the overflow only crosses a privilege boundary if the binary runs with privileges the caller lacks (for example setuid) or is invoked by another program with attacker-controlled arguments.

Vulnerable code:
hocr-cmd.c:
...
/* Fixed-size stack buffers for the three string options; 255 bytes each. */
char filename_in[255];
char filename_out[255];
char format_out[255];
...
/* -i, -o and -f each take an argument that ends up in optarg. */
while ((c = getopt (argc, argv, "hi:o:f:")) != EOF)
{
    switch (c)
    {
    case 'i':
        opt_i = 1;
        if (optarg)
            strcpy (filename_in, optarg);   /* unbounded copy: an optarg longer than 254 bytes overflows filename_in */
        break;
    case 'o':
        opt_o = 1;
        if (optarg)
            strcpy (filename_out, optarg);  /* same unbounded copy into filename_out */
        break;
    case 'f':
        opt_f = 1;
        if (optarg)
            strcpy (format_out, optarg);    /* same unbounded copy into format_out */
        break;
....
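The following is an added example, not code from the HOCR project or from the advisory: it shows the same getopt() loop with each strcpy() replaced by a bounded copy that rejects over-long arguments instead of writing past the 255-byte buffers. The names copy_arg, parse_args, struct hocr_opts and the demo_* helpers are hypothetical, and the inputs (a 260-byte argument mirroring the proof of concept, plus ordinary file names) are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L   /* make getopt()/optind/optarg visible under strict -std modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Same buffer size as the advisory's hocr-cmd.c. */
#define OPT_BUF 255

/* Hypothetical container for the parsed options (not the project's type). */
struct hocr_opts {
    int opt_i, opt_o, opt_f;
    char filename_in[OPT_BUF];
    char filename_out[OPT_BUF];
    char format_out[OPT_BUF];
};

/*
 * Bounded replacement for the unchecked strcpy(): copy src into dst only if
 * it fits together with its terminating NUL. Returns 0 on success and -1 if
 * src is too long; on failure dst is left untouched (no silent truncation,
 * which could otherwise turn "/etc/passwd.bak" into "/etc/passwd").
 */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);          /* optarg is always NUL-terminated */
    if (n >= dstsz)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/*
 * Hardened version of the option loop. Returns 0 on success, -1 if any
 * argument is too long or an unknown option is given.
 */
int parse_args(int argc, char **argv, struct hocr_opts *o)
{
    int c;
    memset(o, 0, sizeof *o);
    optind = 1;   /* restart getopt() so this can be called more than once (glibc/musl; BSD libcs also need optreset = 1) */
    opterr = 0;   /* report errors through the return value, not stderr */
    while ((c = getopt(argc, argv, "hi:o:f:")) != -1) {
        switch (c) {
        case 'i':
            o->opt_i = 1;
            if (copy_arg(o->filename_in, sizeof o->filename_in, optarg))
                return -1;
            break;
        case 'o':
            o->opt_o = 1;
            if (copy_arg(o->filename_out, sizeof o->filename_out, optarg))
                return -1;
            break;
        case 'f':
            o->opt_f = 1;
            if (copy_arg(o->format_out, sizeof o->format_out, optarg))
                return -1;
            break;
        case 'h':
            break;
        default:
            return -1;
        }
    }
    return 0;
}

/* Constructed input mirroring the proof of concept: 260 'a' bytes after -i. */
int demo_long_input(void)
{
    static char big[261];
    memset(big, 'a', 260);
    big[260] = '\0';
    char *argv[] = { "hocr", "-i", big, NULL };
    struct hocr_opts o;
    return parse_args(3, argv, &o);   /* -1: rejected instead of overflowing */
}

/* Constructed ordinary invocation: must parse and fill the right fields. */
int demo_short_input(void)
{
    char *argv[] = { "hocr", "-i", "page.pgm", "-f", "text", NULL };
    struct hocr_opts o;
    if (parse_args(5, argv, &o) != 0) return -1;
    if (!o.opt_i || !o.opt_f || o.opt_o) return -2;
    if (strcmp(o.filename_in, "page.pgm") != 0) return -3;
    if (strcmp(o.format_out, "text") != 0) return -4;
    return 0;
}

/* Boundary check on copy_arg(): 254 bytes fit in a 255-byte buffer, 255 do not. */
int demo_boundary(void)
{
    char buf[OPT_BUF];
    char s[OPT_BUF + 1];
    memset(s, 'b', OPT_BUF);
    s[OPT_BUF - 1] = '\0';                              /* 254 bytes + NUL */
    if (copy_arg(buf, sizeof buf, s) != 0) return 0;
    memset(s, 'b', OPT_BUF);
    s[OPT_BUF] = '\0';                                  /* 255 bytes + NUL */
    if (copy_arg(buf, sizeof buf, s) != -1) return 0;
    return 1;
}

int main(void)
{
    printf("260-byte -i argument: %s\n", demo_long_input() == -1 ? "rejected" : "accepted");
    printf("normal arguments:     %s\n", demo_short_input() == 0 ? "parsed" : "failed");
    printf("255-byte boundary:    %s\n", demo_boundary() ? "correct" : "wrong");
    return 0;
}
```

Rejecting rather than truncating is deliberate: strncpy() or strlcpy() would stop the overflow but could quietly change which file is opened, and strncpy() does not even guarantee a terminating NUL. The same bounded copy applies to all three options, since -o and -f are copied exactly as -i is.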

Proof of Concept:
The following command line passes a 260-byte argument to -i and overflows filename_in (the -o and -f options are affected in the same way):
hocr -i `perl -e 'print "a" x 260;'`

Vendor Status:
The vendor fixed the vulnerability as soon as it was contacted; the fix is in HOCR revision 124.

Disclosure Timeline:
03/09/2005 - Vulnerability discovered
03/09/2005 - Vendor notified and a fix was released
04/09/2005 - Public disclosure