ASA-2019-00037 – Keybase: Buffer overflow in Windows filesystem driver

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00037

Identifier(s)

ASA-2019-00037, CVE-2018-5410, KB003

Title

Buffer overflow in Windows filesystem driver

Vendor(s)

Keybase

Product(s)

Keybase

Affected version(s)

Keybase before 2.12.3-20181221135356

Fixed version(s)

Keybase 2.12.3-20181221135356

Proof of concept

Unknown

Description

On Windows, the Keybase filesystem optionally mounts via drivers provided by the Dokan project. A stack-based buffer overflow in the dokan driver has been discovered. Dokan was not checking the length of the path argument during mount.

Technical details

Unknown

Credits

Parvez Anwar

Reference(s)

Buffer overflow in Windows filesystem driver (KB003)
https://keybase.io/docs/secadv/kb003

update dokan to 1.2.1.2000
https://github.com/keybase/client/commit/07526687c988b41d4393afd4c1dd2a9f38c12d68

sys – Fix Buffer Overflow by adding mount length path check
https://github.com/dokan-dev/dokany/commit/4954cc0a3299b20274ac64bf52d6c285a1f40b0f

CVE-2018-5410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5410

CVE-2018-5410
https://nvd.nist.gov/vuln/detail/CVE-2018-5410

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 2, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.