Challenge Information - NRFIN_00054

Commonly known as: PTaaS


Rounds Enabled

37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51

Details

Original Versions

Known Vulnerabilities

  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-416 - Use After Free
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • CWE-704 - Incorrect Type Conversion or Cast
  • CWE-825 - Expired Pointer Dereference
  • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
  • CWEs are listed as indicated by the challenge author.

Deployed patches

Deployed IDS rules

None

Author Information

"Maxwell Koo" info@narfindustries.com

DARPA performer group

Narf Industries (NRFIN)

Description

Path Tracer as a Service brings the latest in photorealistic computer graphics to your fingertips, anywhere in the world! Our state of the art path tracing software renders your 3D scenes into breathtaking HD...ish images. Simply input a description of your scene consisting of a camera and spheres or planes, and in no time a rendering of your image will be available for you to download and enjoy.

Feature List

This service is a path tracing program which supports a textual interface for inputing information about a 3D scene and rendering an image of that scene into a fixed size image in PPM format.

  • Parses descriptions of 3D scenes consisting of geometric primitives
  • Supports spheres and planes
  • Can have either diffuse or specular reflection
  • Objects can emit light

Vulnerability 1

This program will reuse stale data from partially constructed objects while constructing the primitives making up a scene. This will allow an attacker to control a function pointer and register argument by overlapping this with invalid data from another type of object.

Generic class of vulnerability

Use after free

CWE classification

CWE-119 Improper restriction of operations within the bounds of a memory buffer CWE-416 Use after free CWE-703 Improper check or handling of exceptional conditions CWE-704 Incorrect type conversion or cast CWE-825 Expired pointer dereference CWE-843 Access of resource using incompatible type

Challenges

  • The textual input required by the tool requires input in a specific format, increasing the difficulty of reaching the vulnerable state via blind fuzzing.
  • The usage of many floating point operations increases the difficulty of analyzing the vulnerability once found and finding how to control the inputs in such a way to reliably prove the vulnerability. A way to pack in the required values into double-values, which can then be converted to and from strings by the limited parsers in the binary, is needed to gain full control.
  • Although the fix demonstrated in the patched version of the binary is simple, fixing the binary autonomously is complicated by the use of a custom tagged union representation for the core type of the program; the semantics of which increase the challenge of determining which operations are allowed or not and where the stale data is being utilized.

Difficulty

  • Discovering is medium
  • Proving is hard
  • Fixing is medium

POV Information

Round Source Destination Result POV Analysis Video
38 CSDS CodeJitsu Failed POV POV Watch
38 CSDS DeepRed Failed POV POV Watch
38 CSDS Disekt Failed POV POV Watch
38 CSDS ForAllSecure Failed POV POV Watch
38 CSDS Shellphish Failed POV POV Watch
38 CSDS TECHx Failed POV POV Watch
38 DeepRed CodeJitsu Failed POV POV Watch
38 DeepRed CSDS Failed POV POV Watch
38 DeepRed Disekt Failed POV POV Watch
38 DeepRed ForAllSecure Failed POV POV Watch
38 DeepRed Shellphish Failed POV POV Watch
38 DeepRed TECHx Failed POV POV Watch
39 CSDS CodeJitsu Failed POV POV Watch
39 CSDS DeepRed Failed POV POV Watch
39 CSDS Disekt Failed POV POV Watch
39 CSDS ForAllSecure Failed POV POV Watch
39 CSDS Shellphish Failed POV POV Watch
39 CSDS TECHx Failed POV POV Watch
39 DeepRed CodeJitsu Failed POV POV Watch
39 DeepRed CSDS Failed POV POV Watch
39 DeepRed Disekt Failed POV POV Watch
39 DeepRed ForAllSecure Failed POV POV Watch
39 DeepRed Shellphish Failed POV POV Watch
39 DeepRed TECHx Failed POV POV Watch
40 CodeJitsu Shellphish Failed POV through defenses POV Watch
40 CSDS CodeJitsu Failed POV POV Watch
40 CSDS DeepRed Failed POV POV Watch
40 CSDS Disekt Failed POV POV Watch
40 CSDS ForAllSecure Failed POV POV Watch
40 CSDS Shellphish Failed POV through defenses POV Watch
40 CSDS TECHx Failed POV POV Watch
40 DeepRed CodeJitsu Failed POV POV Watch
40 DeepRed CSDS Failed POV POV Watch
40 DeepRed Disekt Failed POV POV Watch
40 DeepRed ForAllSecure Failed POV POV Watch
40 DeepRed Shellphish Failed POV through defenses POV Watch
40 DeepRed TECHx Failed POV POV Watch
41 CSDS CodeJitsu Failed POV POV Watch
41 CSDS DeepRed Failed POV POV Watch
41 CSDS Disekt Failed POV POV Watch
41 CSDS ForAllSecure Failed POV POV Watch
41 CSDS Shellphish Failed POV through defenses POV Watch
41 CSDS TECHx Failed POV POV Watch
41 DeepRed CodeJitsu Failed POV POV Watch
41 DeepRed CSDS Failed POV POV Watch
41 DeepRed Disekt Failed POV POV Watch
41 DeepRed ForAllSecure Failed POV POV Watch
41 DeepRed Shellphish Failed POV through defenses POV Watch
41 DeepRed TECHx Failed POV POV Watch
42 CSDS CodeJitsu Failed POV through defenses POV Watch
42 CSDS DeepRed Failed POV POV Watch
42 CSDS Disekt Failed POV POV Watch
42 CSDS ForAllSecure Failed POV POV Watch
42 CSDS Shellphish Failed POV through defenses POV Watch
42 CSDS TECHx Failed POV POV Watch
42 DeepRed CodeJitsu Failed POV through defenses POV Watch
42 DeepRed CSDS Failed POV POV Watch
42 DeepRed Disekt Failed POV POV Watch
42 DeepRed ForAllSecure Failed POV POV Watch
42 DeepRed Shellphish Failed POV through defenses POV Watch
42 DeepRed TECHx Failed POV POV Watch
43 CodeJitsu Shellphish Failed POV POV Watch
43 CSDS CodeJitsu Failed POV through defenses POV Watch
43 CSDS DeepRed Failed POV POV Watch
43 CSDS Disekt Failed POV POV Watch
43 CSDS ForAllSecure Failed POV POV Watch
43 CSDS Shellphish Failed POV POV Watch
43 CSDS TECHx Failed POV POV Watch
43 DeepRed CodeJitsu Failed POV through defenses POV Watch
43 DeepRed CSDS Failed POV POV Watch
43 DeepRed Disekt Failed POV POV Watch
43 DeepRed ForAllSecure Failed POV POV Watch
43 DeepRed Shellphish Failed POV POV Watch
43 DeepRed TECHx Failed POV POV Watch
44 CodeJitsu Disekt Failed POV through defenses POV Watch
44 CSDS CodeJitsu Failed POV through defenses POV Watch
44 CSDS DeepRed Failed POV POV Watch
44 CSDS Disekt Failed POV through defenses POV Watch
44 CSDS ForAllSecure Failed POV POV Watch
44 CSDS Shellphish Failed POV POV Watch
44 CSDS TECHx Failed POV POV Watch
44 DeepRed CodeJitsu Failed POV through defenses POV Watch
44 DeepRed CSDS Failed POV POV Watch
44 DeepRed Disekt Failed POV through defenses POV Watch
44 DeepRed ForAllSecure Failed POV POV Watch
44 DeepRed Shellphish Failed POV POV Watch
44 DeepRed TECHx Failed POV POV Watch
45 CSDS CodeJitsu Failed POV through defenses POV Watch
45 CSDS DeepRed Failed POV POV Watch
45 CSDS Disekt Failed POV through defenses POV Watch
45 CSDS ForAllSecure Failed POV POV Watch
45 CSDS Shellphish Failed POV POV Watch
45 CSDS TECHx Failed POV POV Watch
45 DeepRed CodeJitsu Failed POV through defenses POV Watch
45 DeepRed CSDS Failed POV POV Watch
45 DeepRed Disekt Failed POV through defenses POV Watch
45 DeepRed ForAllSecure Failed POV POV Watch
45 DeepRed Shellphish Failed POV POV Watch
45 DeepRed TECHx Failed POV POV Watch
46 CSDS CodeJitsu Failed POV through defenses POV Watch
46 CSDS DeepRed Failed POV POV Watch
46 CSDS Disekt Failed POV through defenses POV Watch
46 CSDS ForAllSecure Failed POV POV Watch
46 CSDS Shellphish Failed POV POV Watch
46 CSDS TECHx Failed POV POV Watch
46 DeepRed CodeJitsu Failed POV through defenses POV Watch
46 DeepRed CSDS Failed POV POV Watch
46 DeepRed Disekt Failed POV through defenses POV Watch
46 DeepRed ForAllSecure Failed POV POV Watch
46 DeepRed Shellphish Failed POV POV Watch
46 DeepRed TECHx Failed POV POV Watch
47 CSDS CodeJitsu Failed POV through defenses POV Watch
47 CSDS DeepRed Failed POV POV Watch
47 CSDS Disekt Failed POV through defenses POV Watch
47 CSDS ForAllSecure Failed POV POV Watch
47 CSDS Shellphish Failed POV POV Watch
47 CSDS TECHx Failed POV POV Watch
47 DeepRed CodeJitsu Failed POV through defenses POV Watch
47 DeepRed CSDS Failed POV POV Watch
47 DeepRed Disekt Failed POV through defenses POV Watch
47 DeepRed ForAllSecure Failed POV POV Watch
47 DeepRed Shellphish Failed POV POV Watch
47 DeepRed TECHx Failed POV POV Watch
48 CSDS CodeJitsu Failed POV through defenses POV Watch
48 CSDS DeepRed Failed POV POV Watch
48 CSDS Disekt Failed POV through defenses POV Watch
48 CSDS ForAllSecure Failed POV POV Watch
48 CSDS Shellphish Failed POV POV Watch
48 CSDS TECHx Failed POV POV Watch
48 DeepRed CodeJitsu Failed POV through defenses POV Watch
48 DeepRed CSDS Failed POV POV Watch
48 DeepRed Disekt Failed POV through defenses POV Watch
48 DeepRed ForAllSecure Failed POV POV Watch
48 DeepRed Shellphish Failed POV POV Watch
48 DeepRed TECHx Failed POV POV Watch
49 CSDS CodeJitsu Failed POV through defenses POV Watch
49 CSDS DeepRed Failed POV POV Watch
49 CSDS Disekt Failed POV through defenses POV Watch
49 CSDS ForAllSecure Failed POV POV Watch
49 CSDS Shellphish Failed POV POV Watch
49 CSDS TECHx Failed POV POV Watch
49 DeepRed CodeJitsu Failed POV through defenses POV Watch
49 DeepRed CSDS Failed POV POV Watch
49 DeepRed Disekt Failed POV through defenses POV Watch
49 DeepRed ForAllSecure Failed POV POV Watch
49 DeepRed Shellphish Failed POV POV Watch
49 DeepRed TECHx Failed POV POV Watch
49 ForAllSecure CodeJitsu Failed POV through defenses POV Watch
49 ForAllSecure CSDS Failed POV POV Watch
49 ForAllSecure DeepRed Failed POV POV Watch
49 ForAllSecure Disekt Failed POV through defenses POV Watch
49 ForAllSecure Shellphish Failed POV POV Watch
49 ForAllSecure TECHx Failed POV POV Watch
50 CSDS CodeJitsu Failed POV through defenses POV Watch
50 CSDS DeepRed Failed POV POV Watch
50 CSDS Disekt Failed POV through defenses POV Watch
50 CSDS ForAllSecure Failed POV POV Watch
50 CSDS Shellphish Failed POV POV Watch
50 CSDS TECHx Failed POV POV Watch
50 DeepRed CodeJitsu Failed POV through defenses POV Watch
50 DeepRed CSDS Failed POV POV Watch
50 DeepRed Disekt Failed POV through defenses POV Watch
50 DeepRed ForAllSecure Failed POV POV Watch
50 DeepRed Shellphish Failed POV POV Watch
50 DeepRed TECHx Failed POV POV Watch
50 ForAllSecure CodeJitsu Failed POV through defenses POV Watch
50 ForAllSecure CSDS Failed POV POV Watch
50 ForAllSecure DeepRed Failed POV POV Watch
50 ForAllSecure Disekt Failed POV through defenses POV Watch
50 ForAllSecure Shellphish Failed POV POV Watch
50 ForAllSecure TECHx Failed POV POV Watch
51 CSDS CodeJitsu Failed POV through defenses POV Watch
51 CSDS DeepRed Failed POV POV Watch
51 CSDS Disekt Failed POV through defenses POV Watch
51 CSDS ForAllSecure Failed POV POV Watch
51 CSDS Shellphish Failed POV POV Watch
51 CSDS TECHx Failed POV POV Watch
51 DeepRed CodeJitsu Failed POV through defenses POV Watch
51 DeepRed CSDS Failed POV POV Watch
51 DeepRed Disekt Failed POV through defenses POV Watch
51 DeepRed ForAllSecure Failed POV POV Watch
51 DeepRed Shellphish Failed POV POV Watch
51 DeepRed TECHx Failed POV POV Watch
51 ForAllSecure CodeJitsu Failed POV through defenses POV Watch
51 ForAllSecure CSDS Failed POV POV Watch
51 ForAllSecure DeepRed Failed POV POV Watch
51 ForAllSecure Disekt Failed POV through defenses POV Watch
51 ForAllSecure Shellphish Failed POV POV Watch
51 ForAllSecure TECHx Failed POV POV Watch

Curated by Lunge Technology, LLC. Questions or comments? Send us email