Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 May 2018 18:05:19 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <oss-security@...ts.openwall.com>
Cc: <pete@...o.ie>
Subject: CVE request: rufus

Hi @ll,

like its predecessors, the recently (2018-05-29) published version
3.0 of "Rufus" (<https://rufus.akeo.ie/downloads/rufus-3.0.exe> and
<https://rufus.akeo.ie/downloads/rufus-3.0p.exe>) is riddled with
bloody beginners errors, which allow arbitrary code execution WITH
escalation of privilege.

Vulnerability #1
~~~~~~~~~~~~~~~~

See <https://cwe.mitre.org/data/definitions/426.html>
and <https://cwe.mitre.org/data/definitions/427.html>
plus <https://capec.mitre.org/data/definitions/471.html>.

Additionally see Microsoft's developer guidance
<https://technet.microsoft.com/en-us/library/2269637.aspx>,
<https://msdn.microsoft.com/en-us/library/ff919712.aspx>,
<https://msdn.microsoft.com/en-us/library/ms682586.aspx> und
<http://blogs.technet.com/b/srd/archive/2014/05/13/load-library-safely.aspx>
for avoiding this bloody beginner's error.

Also see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>
and
<http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html>
plus
<https://insights.sei.cmu.edu/cert/2016/06/bypassing-application-whitelisting.html>
for "prior art".


Vulnerability #2
~~~~~~~~~~~~~~~~

See <https://cwe.mitre.org/data/definitions/377.html>
and <https://cwe.mitre.org/data/definitions/379.html>
plus <https://capec.mitre.org/data/definitions/29.html>

stay tuned
Stefan Kanthak

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ