WARNING! Fake news / Disputed / BOGUS

Filesystem access in DOSBox 0.72

2007-12-14 / 2007-12-15
Credit: Luigi Auriemma
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2007-6328
CWE: CWE-Other


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

####################################################################### Luigi Auriemma Application: DOSBox http://dosbox.sourceforge.net Versions: <= 0.72 and current CVS Platforms: Windows, Linux, *BSD and Mac Bug: access to the filesystem Exploitation: local Date: 10 Dec 2007 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== DOSBox is an excellent emulator for running software written for the DOS environment like programs and games (moreover abandonware games which are very used today). ####################################################################### ====== 2) Bug ====== DOSBox acts as a virtual machine in which the filesystem is limited to the folders that the user decides to mount as virtual drives and any instruction is emulated within DOSBox without accessing the external resources and memory. So practically the emulated DOS program can work only inside this "cage" (that's also why is possible to run viruses and malware without problems for the system). Anyway although these limitations exists a very simple way to gain access to the entire real filesystem (so not only the virtual one) because the MOUNT command used by DOSBox for mounting the real folders as virtual drives can be called just by the same emulated program. In short if the program executes system("mount x c:\"); it gains read/write access to the C: disk where is then possible to modify all the files on which the user has access (like for example placing the execution of a program at the next reboot or substituiting a valid executable with a custom one). MOUNT is not the only DOSBox related command available (check the Z: disk) but is the only one which has a real security impact if executed. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/dosboxxx.zip ####################################################################### ====== 4) Fix ====== The developers don't think this can be considered a security problem while in my opinion doing something outside the environment created by the virtual machine must be considered a risk. ####################################################################### --- Luigi Auriemma http://aluigi.org


See this note in RAW Version
Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top