Wincor Nixdorf PORT IO Driver Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Wincor Nixdorf PORT IO Driver, in versions through 1.0.0.1. The flaw is in the IOCTL Handler component of the 'wnport.sys' driver, in the 'sub_11100' function. It is caused by inadequate input validation: a local attacker can send an input buffer larger than the stack space allocated for it. Exploitation can lead to memory corruption, system crashes, and potentially arbitrary code execution, and the risk is heightened because the driver's IOCTL functions can be accessed by low-privileged programs.
Impact
Exploiting this vulnerability triggers a stack-based buffer overflow, which leads to memory corruption and system crashes. In more severe cases, the memory corruption can be exploited to execute arbitrary code with elevated privileges, allowing attackers to execute unauthorized commands, access sensitive data, install malware, or gain full control of the affected system.
Reproduction
The vulnerability can be reproduced by sending a large input buffer with any of the IOCTL codes 0x80102040, 0x80102044, 0x80102050, or 0x80102054. A local program running with low privileges can do this, because it can invoke the driver's vulnerable IOCTL functions. The oversized buffer is not rejected by the driver's input validation, which triggers the stack-based overflow.
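Added example (not code from the advisory or from the driver): decoding the four IOCTL codes with the standard CTL_CODE bit layout shows that each one requests FILE_ANY_ACCESS and METHOD_BUFFERED, which is consistent with low-privileged callers reaching the handler. The handler model and its 64-byte buffer size are assumptions used to show the length check that belongs before the copy; they are not taken from 'sub_11100'.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit fields of a Windows I/O control code, as packed by the WDK CTL_CODE macro. */
typedef struct {
    uint32_t device_type; /* bits 31..16; 0x8000 and above are vendor-defined */
    uint32_t access;      /* bits 15..14; 0 = FILE_ANY_ACCESS */
    uint32_t function;    /* bits 13..2;  0x800 and above are vendor-defined */
    uint32_t method;      /* bits 1..0;   0 = METHOD_BUFFERED */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f = { code >> 16, (code >> 14) & 0x3u, (code >> 2) & 0xFFFu, code & 0x3u };
    return f;
}

/* The four control codes listed in the advisory. */
static const uint32_t ADVISORY_IOCTLS[] = { 0x80102040u, 0x80102044u, 0x80102050u, 0x80102054u };

#define MODEL_BUF_SIZE 64   /* assumed: the real stack buffer size is not given on the page */
enum { ST_OK = 0, ST_BAD_CODE = -1, ST_BAD_LENGTH = -2 };

/* Hardened handler model: the caller-supplied length is checked against the
 * fixed stack buffer BEFORE the copy, which is the validation the advisory
 * describes as inadequate. *copied receives the number of bytes accepted. */
int handle_ioctl_checked(uint32_t code, const uint8_t *in, size_t in_len, size_t *copied) {
    uint8_t local[MODEL_BUF_SIZE];
    size_t i, known = 0;
    *copied = 0;
    for (i = 0; i < sizeof ADVISORY_IOCTLS / sizeof ADVISORY_IOCTLS[0]; i++)
        known |= (ADVISORY_IOCTLS[i] == code);
    if (!known) return ST_BAD_CODE;
    if (in == NULL || in_len == 0 || in_len > sizeof local) return ST_BAD_LENGTH;
    memcpy(local, in, in_len);   /* safe: in_len <= sizeof local */
    *copied = in_len;
    return ST_OK;
}

int main(void) {
    size_t i;
    for (i = 0; i < 4; i++) {
        ioctl_fields f = decode_ioctl(ADVISORY_IOCTLS[i]);
        printf("0x%08X device=0x%X access=%u function=0x%X method=%u\n", (unsigned)ADVISORY_IOCTLS[i],
               (unsigned)f.device_type, (unsigned)f.access, (unsigned)f.function, (unsigned)f.method);
    }
    return 0;
}
```

With METHOD_BUFFERED the I/O manager copies the caller's data into a system buffer and passes the caller's stated length to the driver, so the driver itself must bound that length before copying into any fixed-size local.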
Remediation
Users are advised to upgrade to version 3.0.0.1 of the PORT IO Driver, which addresses this vulnerability. The updated version is available for download from the Diebold Nixdorf Download Center.
