Thursday, February 24, 2022

Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary remote code or disclose sensitive information. 

Gerbv is open-source software that allows users to view RS-274X Gerber files, Excellon drill files and pick-and-place files — all common file formats used to display layers of a circuit board and other computer parts. All of these vulnerabilities exist in the function that allows Gerbv to open Gerber files. Gerbv can be used as a standalone GUI application or as a library.

TALOS-2021-1402 (CVE-2021-40391), TALOS-2021-1404 (CVE-2021-40393), TALOS-2021-1405 (CVE-2021-40394) and TALOS-2021-1415 (CVE-2021-40401) could all be triggered if an attacker uploads a specially crafted file to the software. This could cause a variety of conditions, eventually allowing an attacker to execute arbitrary code on the targeted device.

TALOS-2021-1413 (CVE-2021-40400), TALOS-2021-1416 (CVE-2021-40402) and TALOS-2021-1417 (CVE-2021-40403) also arise when the attacker uploads a specially crafted file. In these cases, though, the crafted file causes an out-of-bounds read condition. An adversary could use this condition either to read process memory or to read any file on the system (via a relative or an absolute path) and exfiltrate the content of that file.

Cisco Talos worked with Gerbv to responsibly disclose these vulnerabilities in adherence to Cisco’s vulnerability disclosure policy. However, an update is not available to fix these issues as of Feb. 28, 2022. 

Talos tested and confirmed the following software is affected by these vulnerabilities: Gerbv versions 2.7.0, forked 2.7.1, forked 2.8.0 and dev commit b5f1eacd. 

The following SNORTⓇ rules will detect exploitation attempts against these vulnerabilities: 58534-58537, 58597, 58598, 58633, 58634, 58659-58664 and 58665-58668. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.
