Status: Fixed
Closed: Jun 2015
ESET NOD32 Heap overflow unpacking EPOC installation files.
Project Member Reported by taviso@google.com, Jun 26 2015
$ head -30 symbian.c 
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

//
// ESET NOD32 Heap overflow unpacking EPOC installation files.
//
// By creating a file record with type SIS_FILE_MULTILANG (meaning a different
// file is provided for every supported language), and then claiming to support
// a very large number of languages, a 16-bit calculation overflows. This leads
// to a nice clean heap overflow.
//
// The maximum possible value for the number of languages is 99, because only
// 99 language codes are defined. Even if you included a different file for
// every language it wouldn't exceed 99.
//
// So the bug is, check for overflow if you want to support non-existant
// language codes, or cap it at 99.
//
$ gcc symbian.c -o symbian
$ ./symbian > testcase
$ esets_scan testcase
Segmentation fault

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

 
Attachment: symbian.c (3.8 KB)
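The two fixes named in the report (cap the language count at 99, or check the 16-bit calculation for overflow) can be sketched as follows. This is an added example, not code from symbian.c or from ESET; the 12-byte per-language entry size, the function names and the sample count are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIS_MAX_LANGUAGES 99u /* from the report: only 99 language codes exist */
#define PER_LANG_BYTES    12u /* assumption: bytes stored per language entry */

/* Flawed pattern: the product is truncated to 16 bits and wraps silently. */
static uint16_t size_16bit_unchecked(uint16_t nlangs)
{
    return (uint16_t)(nlangs * PER_LANG_BYTES);
}

/* Fix option 1 from the report: cap the count at the 99 defined languages. */
static bool size_capped(uint16_t nlangs, size_t *out)
{
    if (nlangs == 0 || nlangs > SIS_MAX_LANGUAGES)
        return false; /* malformed record: reject before allocating */
    *out = (size_t)nlangs * PER_LANG_BYTES;
    return true;
}

/* Fix option 2: allow unknown language codes, but refuse any count whose
 * product no longer fits the 16-bit size field. */
static bool size_overflow_checked(uint16_t nlangs, uint16_t *out)
{
    if (nlangs == 0 || nlangs > UINT16_MAX / PER_LANG_BYTES)
        return false;
    *out = (uint16_t)(nlangs * PER_LANG_BYTES);
    return true;
}

int main(void)
{
    uint16_t claimed = 5462; /* constructed input: 5462 * 12 = 65544 */
    size_t need = 0;
    uint16_t need16 = 0;

    printf("unchecked 16-bit size: %u\n", (unsigned)size_16bit_unchecked(claimed));
    printf("capped accepts: %d\n", size_capped(claimed, &need));
    printf("overflow check accepts: %d\n", size_overflow_checked(claimed, &need16));
    return 0;
}
```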
Project Member Comment 1 by taviso@google.com, Jun 30 2015
Labels: -Restrict-View-Commit
Status: Fixed
ESET pushed out an update

http://www.virusradar.com/en/update/info/11861
Comment 2 by ignac...@gmail.com, Jun 30 2015
Some more information about the update, so customers can make sure they are updated:
http://www.eset.com/int/about/press/eset-blog/article/eset-regularly-releasing-updates-to-products/
Project Member Comment 3 by scvitti@google.com, Mar 3 2016
Labels: -Reported-26-Jun-15 Reported-2015-Jun-26
Owner: hawkes@google.com