YS VTMthe module has a buffer overflow vulnerability that can causeVTMprocess abnormally exited "high"
Problem Description:
YS VTMmodule Open External listening port (8554and the8664) and receive network data from the outside, the intermediate module calls to thememcpyfunction to copy the network data, but the module does not correctly determine the number of bytes copied, using theNessusA buffer overflow occurs when the module is scanned and passed over a long string, and eventually causesVTMThe process exited unexpectedly.
Test steps:
1. Openollydbgand AttachVTMprocess,
2. StartNessustheYSA vulnerability scan will result infuzzingdata, as shown in:
3. in theNessusduring the scan, byollydbgobservedVTMthe status of the process discovery process aborted abnormally, viewollydbgthe call stack for the application layer is found to produce an exception.vtm_app.memcpyfunction to control the size of the copy parameterNto be-1indicates that an extra-long string was passed in:
problem Extension:
The immediate consequences of a buffer overflow are generally denial of service, and under certain conditions it can be used to send customized packets to the server to execute custom code, depending on the operating system and compiler's secure compilation options.
Solution Recommendations:
All external data (network data, command line, environment variables, file contents, etc.) are not trustworthy, in the operation of external data must be strictly filtered, in the call string and memory copy function, the copy size should always be the size of the target buffer as a reference.
A typical software vulnerability--memcpy caused by a buffer overflow