CVE-2017-2906 Detail

UUID: 559135b0-7cf8-4c47-80eb-0c8ca9d1e048

Current Description

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.

Analysis Description

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.

7.8
Base Score
5.9
Impact Score
1.8
Exploitability Score

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The access vector (AV) metric reflects the context by which vulnerability exploitation is possible.

  • Network (N): The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers).
  • Adjacent (A): The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone).
  • Local (L): The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities.
  • Physical (P): The attack requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g., evil maid attack[^1]) or persistent.

The access complexity (AC) metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability

  • Low (L): Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.
  • High (H): A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

The Privileges Required (PR) metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

  • None (N): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the the vulnerable system to carry out an attack.
  • Low (L): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.
  • High (H): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.

The User Interaction (UI) metric describes the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

  • None (N): The vulnerable system can be exploited without interaction from any user.
  • Required (R): Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator.

The Scope (S) metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

  • Unchanged (U): An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.
  • Changed (C): An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

The confidentiality (C) metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

  • High (H): There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact.
  • Low (L): There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component.
  • None (N): There is no loss of confidentiality within the impacted component.

The Integrity (I) metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.

  • High (H): There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.
  • Low (L): Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.
  • None (N): There is no loss of integrity within the impacted component.

The availability (A) metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the impacted component, this metric refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email).

  • High (H): There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable).
  • Low (L): Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component.
  • None (N): There is no impact to availability within the impacted component.
6.8
Base Score
6.4
Impact Score
8.6
Exploitability Score

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The access vector (AV) shows how a vulnerability may be exploited.

  • Local (L): The attacker must either have physical access to the vulnerable system (e.g. firewire attacks) or a local account (e.g. a privilege escalation attack).
  • Adjacent Network (A): The attacker must have access to the broadcast or collision domain of the vulnerable system (e.g. ARP spoofing, Bluetooth attacks).
  • Network (N): The vulnerable interface is working at layer 3 or above of the OSI Network stack. These types of vulnerabilities are often described as remotely exploitable (e.g. a remote buffer overflow in a network service)

The access complexity (AC) metric describes how easy or difficult it is to exploit the discovered vulnerability.

  • High (H): Specialised conditions exist, such as a race condition with a narrow window, or a requirement for social engineering methods that would be readily noticed by knowledgeable people.
  • Medium (M): There are some additional requirements for the attack, such as a limit on the origin of the attack, or a requirement for the vulnerable system to be running with an uncommon, non-default configuration.
  • Low (L): There are no special conditions for exploiting the vulnerability, such as when the system is available to large numbers of users, or the vulnerable configuration is ubiquitous.

The authentication (Au) metric describes the number of times that an attacker must authenticate to a target to exploit it. It does not include (for example) authentication to a network in order to gain access. For locally exploitable vulnerabilities, this value should only be set to Single or Multiple if further authentication is required after initial access.

  • Multiple (M): Exploitation of the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time.
  • Single (S): The attacker must authenticate once in order to exploit the vulnerability.
  • None (N): There is no requirement for the attacker to authenticate.

The confidentiality (C) metric describes the impact on the confidentiality of data processed by the system.

  • None (N): There is no impact on the confidentiality of the system.
  • Partial (P): There is considerable disclosure of information, but the scope of the loss is constrained such that not all of the data is available.
  • Complete (C): There is total information disclosure, providing access to any / all data on the system. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact.

The Integrity (I) metric describes the impact on the integrity of the exploited system.

  • None (N): There is no impact on the integrity of the system.
  • Partial (P): Modification of some data or system files is possible, but the scope of the modification is limited.
  • Complete (C): There is total loss of integrity; the attacker can modify any files or information on the target system.

The availability (A) metric describes the impact on the availability of the target system. Attacks that consume network bandwidth, processor cycles, memory or any other resources affect the availability of a system.

  • None (N): There is no impact on the availability of the system.
  • Partial (P): There is reduced performance or loss of some functionality.
  • Complete (C): There is total loss of availability of the attacked resource.

References to Advisories, Solutions, and Tools

Name Resource Tags URL
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
DSA-4248 https://www.debian.org/security/2018/dsa-4248
[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html

Weakness Enumeration

CWE-ID CWE Name CWE Description
CWE-190 Integer Overflow or Wraparound The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

CAPEC

Name ID Description URL
Forced Integer Overflow CAPEC-92 This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code. https://capec.mitre.org/data/definitions/92.html

MITRE ATT&CK

Name ID Description Kill chain phases URL
No data reported yet

Known Affected Software Configurations

Configuration 1
Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Is matched Alert Date Alert UUID Alert Patched Version Range
blender blender 2.78c * * * * * * *
Configuration 2
Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Is matched Alert Date Alert UUID Alert Patched Version Range
debian debian_linux 9.0 * * * * * * *
debian debian_linux 8.0 * * * * * * *

Relationship graph

This bundle is too large to view on the graph, please export the data and load into a STIX 2.1 compatible product.

Updated History

Date Type
April 24, 2018, 7:29 p.m. Created At
March 19, 2019, 1:14 p.m. Updated At