Astrolog Buffer Overflow Vulnerability Allowing Arbitrary Code Execution and Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in Astrolog version 7.70. It allows attackers to execute arbitrary code or cause a denial-of-service condition by supplying an overly long environment variable value that reaches the 'FileOpen' function. The function uses 'sprintf' to concatenate environment variable values with file paths without bounds checking, which enables memory corruption and potential code execution.
Impact
Exploitation of this vulnerability leads to a program crash due to memory corruption, causing a denial-of-service condition. Additionally, under certain circumstances, an attacker could overwrite return addresses to execute arbitrary code.
Reproduction
The vulnerability can be reproduced by setting an excessively long environment variable value for 'ASTROLOG' and then running the Astrolog application. This can be done using a command that generates a 1024-character string of 'A' characters, which is then exported as the 'ASTROLOG' environment variable. After executing the application, the output will show a segmentation fault, indicating a crash caused by the buffer overflow.
Remediation
The vulnerability has been addressed in the latest version of Astrolog. Users are advised to update to this version.
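The bounds-checked form of the path construction described under Vulnerability, as an added example; it is not Astrolog's code or its actual fix. The buffer size, the helper names `join_path_checked` and `path_from_env`, and the sample directory and file name are assumptions.

```c
#define _POSIX_C_SOURCE 200809L  /* for setenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256  /* assumed size; the advisory does not state the real one */

/* Unsafe pattern described in the advisory (kept as a comment only):
 *     char path[PATH_BUF];
 *     sprintf(path, "%s/%s", getenv("ASTROLOG"), name);
 * sprintf writes as many bytes as the inputs need, regardless of PATH_BUF.
 */

/* Hypothetical hardened helper: joins dir and name into out.
 * Returns 0 on success, -1 if an input is missing or the result would not fit. */
int join_path_checked(char *out, size_t outsz, const char *dir, const char *name)
{
    if (out == NULL || outsz == 0 || dir == NULL || name == NULL)
        return -1;
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {  /* encoding error or truncation */
        out[0] = '\0';                  /* never hand back a partial path */
        return -1;
    }
    return 0;
}

/* Builds a path from an environment variable; an unset or oversized value is rejected. */
int path_from_env(char *out, size_t outsz, const char *var, const char *name)
{
    return join_path_checked(out, outsz, getenv(var), name);
}

int main(void)
{
    char path[PATH_BUF];
    char longval[1025];
    memset(longval, 'A', 1024);  /* constructed: same length as the reproduction string */
    longval[1024] = '\0';

    setenv("ASTROLOG", "/usr/share/astrolog", 1);  /* constructed sample value */
    int rc = path_from_env(path, sizeof path, "ASTROLOG", "astrolog.as");
    printf("normal value:   rc=%d path=\"%s\"\n", rc, path);

    setenv("ASTROLOG", longval, 1);
    rc = path_from_env(path, sizeof path, "ASTROLOG", "astrolog.as");
    printf("1024-byte value: rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Treating truncation as an error, rather than silently opening a shortened path, keeps an oversized variable from redirecting the file lookup to an unintended location.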
