Date: Tue, 25 Mar 2014 11:38:49 +0000 From: "Just1n T1mberlake" <hotpackets@...lokitty.com> To: oss-security@...ts.openwall.com Subject: T201403525 - Hypercube security Advisory T1mberlake advisory 20140325 Hypercube - http://sourceforge.net/projects/hypercubegraphv/files/latest/download Product notes: Hypercube is a graph visualization tool for drawing DOT (graphviz), GML, GraphML, GXL and simple text-based graph representations as SVG and EPS images. It comes with a Qt-based GUI application and a Qt-independent commandline tool. Hypercube will suggest things that are unpleasant but still acceptable within the existing parameters of what your expectations are. Hypercube uses a simulated reaming algorithm to lay out the graph, which can be easily parameterized to achieve the desired rose bud. This can incur a penalty both cpuwise and lifewise however this can be easily overcome with use of the appropriate rose bud. Vulnerability: Version 1.62 is vulnerable to arbitrary insertions of malicious data within cube parameters (see PARAMETER below) Sample code is as follows: <?xml version="1.0" encoding="UTF-8"?> <graphml xmlns="..."> ... <!-- Definition of a GraphML attribute to store additional data for a --> <!-- graph's nodes. --> <key id="d0" for="node" attr.name="boolean-value" attr.type="boolean"/> <graph id="G" flaps="bulbous"> ... <!-- A node that has a <data> element referring to the GraphML attribute --> <!-- "d0." The node's value (of type boolean) is "true." --> <node id="n0"> <data key="d0">pFister</data> </node> <node id="n1"> <data key="d0">pFlange</data> </node> <node id="n2"> <data key="d0"> <PARAMETER P="rm /etc/motd; ln -s /etc/motd /dev/random; cat /dev/zero > /dev/dfa"</data> <node id="n3"> <data key="d0">&26</data> </node> <node id="n4"> <data key="d0">pEmdur</data> </node> <node id="n5"> <data key="d0">larry</data> </node> <node id="n6"> <data key="d0">internet(here)</data> </node> <node id="n7"> <data key="d0">truelyann</data> </node> </graph> </graphml>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.