Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Breakpoint Security: Encase Pre-Advisory

from [announce] Network Security [Permanent Link]
Subject: Breakpoint Security: Encase Pre-Advisory
Date: 27 Jul 2007 07:25:32 -0000 
Breakpoint Security Advisory

Affected Vendor:

Guidance Software

Affected Products:

Encase 5.0 and possibly other version

Background:

    With Encase's recent response to the iSec's security report and their 
ability to both market their product while at the same time minimizing their 
products issues, Breakpoint Security decided to advise Encase to take their 
software's assurance a bit more serious.  In the course of 6 hours researchers 
from Breakpoint Security conducted not so intensive tests of about 10 scenarios 
utilizing specialized proprietary software like dd, xxd and ultraedit. 
    As a result of this testing regimen, Breakpoint Security was able to 
identify multiple bugs in Encase.  All the testing done OBVIOUSLY involved 
intentionally corrupted files. We contend that any issues found in software 
written for forensic purposes must not fall victim to possibly infected images. 
 While this problem may simply postpone an investigation, other more critical 
issues could result in more intrusive actions.

 

Vulnerability Details:

Vulnerability details will be disclosed at a later date. The vulnerability 
resides in Encase's file system parsing. The malicious user can force encase 
into an infinite recursion loop, exhausting the stack.

 

Credit:

Breakpoint Security Research Team http://www.breakpointsecurity.net/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Breakpoint Security: Encase Pre-Advisory, announce <=
Previous by Date:  [Full-disclosure] rPSA-2007-0149-1 bind bind-utils, rPath Update Announcements
Next by Date:  Re: Guidance Software response to iSEC report on EnCase (fwd), Alexander Sotirov
Previous by Thread:  [Full-disclosure] rPSA-2007-0149-1 bind bind-utils, rPath Update Announcements
Next by Thread:  rPSA-2007-0150-1 libvorbis, rPath Update Announcements
Indexes:  [Date] [Thread] [Top] [All Lists]