Canon RAW image used as an exploit

[ggeen]

OK, had to share this one because I just never seen one quite like it before.

Quote:

CVE-2009-1728
Stack-based buffer overflow in Image RAW in Apple Mac OS X before Digital Camera RAW Compatibility Update 2.6 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Canon RAW image.

[Imagebuffet]

You might get more replies if you translated that news summary into a human language.

My attempt at it would be to explain that computers use buffers to store information temporarily, a sort of digital short-term memory. A pointer keeps track of where in memory the information is located. Unfortunately, due to a lack of appropriate error handling that dates back to the dawn of the Computer Age, if too much information is placed in one of these buffers, the pointer can get lost, or point to a part of memory where it shouldn't be pointing. Hackers exploit this weakness as a buffer overflow exploit.

A stack is a bunch of buffers. I don't know how a stack-based buffer overflow would work, exactly, but it's probably similiar to exploiting the overflow of a single buffer.

The particular exploit described sounds arcane. How many people share RAW image files across Apple Macs? Not too many, I would think, and those who do probably know each other. This doesn't sound like a good way to treat your friends.

[ggeen]

Thanks Richard. I just had not seen a RAW image used as an exploit. There are, however, several instances of EXIF data aslo being used as an attack vector. CVE-2009-1729 was just that. Many of us leave the EXIF data intact when sharing files, even here.

So, by created a specifically crafted EXIF data one could execute arbitrary code. The thing we are seeing more than anything else is the move away from attacking the operating system and attacking network aware software.