Kaprica Security (KPRCA)
Glue is a custom file format meant to be used as an archiving mechanism for system administrators who desire to store large collections of files as a single file. This service is command line parser for glue files desired to allow system administrators to easily examine and validate the contents of their glue files.
Print the follow attributes about each object contained within the archive
The vulnerability for this service exists within the fetching of the user's user_code for a object in the glue file. user_codes are contained within a global string in the binary that is indexed into using the product of the user ID and group ID on the current object being processed. If this computed index is specially crafted it can be used to cause the service to print out contents of values in the secret page thus resulting in a type 2 vulnerability.
Invalid Array Index
CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index
This is a relatively simple vulnerability to prove. By realizing that the index into the global user_codes array could result into a type 2 vulnerability, the CRS will then need to identify that the index is based off of the GID and UID which taken from input provided to the service. Difficulty does however lie in accurately encoding the desired GID and UID as character encoded octal numbers which is the format in which the challenge binary expects them to be encoded.
Discovering: Easy Proving: Easy Fixing: Easy
Curated by Lunge Technology, LLC. Questions or comments? Send us email