"Narf Industries" info@narfindustries.com
Narf Industries (NRFIN)
Confident Authentication Terminal (CAT) provides real-time RAM access for remote auditors. CAT is a client for a fictional CAT protocol designed for use in regulation-heavy industries, such as the gaming industry, where regulatory bodies need to be able to query RAM contents on demand.
CAT provides legitimate mechanisms to (R)ead and (W)rite most of the virtual address space, but is not supposed to provide a means to introduce and cause execution of externally provided instructions. In other words, there are many ways to cause a SIGSEGV, but few ways to do anything useful with it.
Notably, direct (R)eads to the FLAG page, which simulates protected proprietary information, are disallowed.
This CB, the CAT client, allows for (W)rites to its .data segment. This is not specified by the CAT protocol and is, in fact, an implementation error. This allowance is the basis of the vulnerability. Patched variants disallow such access and send an error response.
Absent the ability to (W)rite to the .data segment, it should become infeasible to redirect control flow to unintended locations.
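One way a patched client could gate (R)ead and (W)rite requests before touching memory, as an added example that is not the CB's own code. The names `cat_check` and `struct region`, the status codes, the FLAG page address and size, and the `.data` bounds passed in by the caller are all assumptions.

```c
#include <stdint.h>

/* Assumptions, not taken from the CB source: the FLAG page location and
 * size, the status codes, and a .data range supplied by the caller
 * (for example from linker symbols). */
#define FLAG_BASE 0x4347C000u
#define FLAG_SIZE 0x1000u

enum cat_op { CAT_READ = 'R', CAT_WRITE = 'W' };
enum cat_status { CAT_OK, CAT_ERR_OP, CAT_ERR_RANGE, CAT_ERR_DENIED };

struct region { uint32_t base; uint32_t size; };

/* True when [addr, addr+len) intersects r. 64-bit math avoids wrap. */
static int overlaps(uint32_t addr, uint32_t len, struct region r)
{
    uint64_t end = (uint64_t)addr + len;
    uint64_t r_end = (uint64_t)r.base + r.size;
    return len != 0 && addr < r_end && r.base < end;
}

/* Returns CAT_OK when the request may be served; for any other status the
 * caller sends an error response and touches no memory. */
enum cat_status cat_check(enum cat_op op, uint32_t addr, uint32_t len,
                          struct region data_seg)
{
    const struct region flag = { FLAG_BASE, FLAG_SIZE };

    if (op != CAT_READ && op != CAT_WRITE)
        return CAT_ERR_OP;
    /* A range that runs past the top of the 32-bit address space is
     * rejected before any comparison is made. */
    if ((uint64_t)addr + len > 0x100000000ull)
        return CAT_ERR_RANGE;
    /* Partial overlap counts: a read that starts just below the FLAG
     * page and runs into it is refused as a whole. */
    if (op == CAT_READ && overlaps(addr, len, flag))
        return CAT_ERR_DENIED;
    /* The check the vulnerable client lacks: no (W)rite may touch .data. */
    if (op == CAT_WRITE && overlaps(addr, len, data_seg))
        return CAT_ERR_DENIED;
    return CAT_OK;
}
```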
Improper input validation; Improper validation of array index; Information Exposure Through Sent Data
CWE-20: Improper input validation; CWE-129: Improper validation of array index; CWE-201: Information Exposure Through Sent Data
Curated by Lunge Technology, LLC.