TinyOS Stack-Based Buffer Overflow Vulnerability in mcp2200gpio Utility
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the mcp2200gpio utility of TinyOS, affecting versions through 2.1.2. The vulnerability arises from the unsafe use of strcpy() and strcat() functions, which are employed to construct device paths during automatic device discovery. This flaw allows a local attacker to create specially crafted filenames in the /dev/usb/ directory, leading to stack memory corruption and application crashes. In non-hardened builds, this vulnerability could be exploited for arbitrary code execution.
Impact
Exploitation of this vulnerability causes stack memory corruption, application crashes, and in non-hardened builds, could lead to arbitrary code execution.
Reproduction
To reproduce this vulnerability, create a filename under /dev/usb/ that is crafted to exceed the buffer size of the mcp2200gpio utility. This can be done by writing a file with a name that is 246 bytes long, which will overflow the buffer when the utility is run.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.