Blender BVF File Import Python Code Execution Vulnerability
BID:17663
Info
Blender BVF File Import Python Code Execution Vulnerability
| Bugtraq ID: | 17663 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-3302 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2006 12:00AM |
| Updated: | Dec 14 2006 04:38PM |
| Credit: | Joxean Koret <[email protected]> discovered this issue. |
| Vulnerable: |
Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Blender Blender 2.36 |
| Not Vulnerable: | |
Discussion
Blender BVF File Import Python Code Execution Vulnerability
Blender is susceptible to a Python code-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a Python 'eval' statement.
This issue allows attackers to execute arbitrary Python code in the context of the user running the affected application.
Blender is susceptible to a Python code-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a Python 'eval' statement.
This issue allows attackers to execute arbitrary Python code in the context of the user running the affected application.
Exploit / POC
Blender BVF File Import Python Code Execution Vulnerability
BVH files are text-based, allowing attackers to use standard utilities to exploit this vulnerability.
The following example BVH files are sufficient to demonstrate this issue:
http://bugs.debian.org/cgi-bin/bugreport.cgi/exploit.bvh?bug=330895;msg=5;att=1
http://bugs.debian.org/cgi-bin/bugreport.cgi/poc1.bvh?bug=330895;msg=5;att=3
http://bugs.debian.org/cgi-bin/bugreport.cgi/poc2.bvh?bug=330895;msg=5;att=4
BVH files are text-based, allowing attackers to use standard utilities to exploit this vulnerability.
The following example BVH files are sufficient to demonstrate this issue:
http://bugs.debian.org/cgi-bin/bugreport.cgi/exploit.bvh?bug=330895;msg=5;att=1
http://bugs.debian.org/cgi-bin/bugreport.cgi/poc1.bvh?bug=330895;msg=5;att=3
http://bugs.debian.org/cgi-bin/bugreport.cgi/poc2.bvh?bug=330895;msg=5;att=4
Solution / Fix
Blender BVF File Import Python Code Execution Vulnerability
Solution:
The vendor has committed fixes to their CVS repository to address this issue.
Please see the referenced advisories for further information on obtaining and applying fixes.
Blender Blender 2.36
Solution:
The vendor has committed fixes to their CVS repository to address this issue.
Please see the referenced advisories for further information on obtaining and applying fixes.
Blender Blender 2.36
-
Debian blender_2.36-1sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_alpha.deb -
Debian blender_2.36-1sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_amd64.deb -
Debian blender_2.36-1sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_arm.deb -
Debian blender_2.36-1sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_hppa.deb -
Debian blender_2.36-1sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_i386.deb -
Debian blender_2.36-1sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_ia64.deb -
Debian blender_2.36-1sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_m68k.deb -
Debian blender_2.36-1sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_mips.deb -
Debian blender_2.36-1sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_mipsel.deb -
Debian blender_2.36-1sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_powerpc.deb -
Debian blender_2.36-1sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_s390.deb -
Debian blender_2.36-1sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1s arge1_sparc.deb
References
Blender BVF File Import Python Code Execution Vulnerability
References:
References:
- Blender Homepage (Blender)
- Debian Bug report logs - #330895 (Debian)