horosproject / horos

Horos™ is a free, open source medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Horos is made freely available under the GNU Lesser General Public License, Version 3 (LGPL-3.0). Horos is linked against the Grok JPEG 2000 library, for fast viewing of JPEG 2000 images. This library is licensed under the terms of the GNU Affero General Public License.
http://www.horosproject.org

Be aware of a major security issue in Horos #163

Open FKStein opened 7 years ago

FKStein commented 7 years ago

If you use Horos on the Internet, you need to be aware of a major security issue:

https://www.exploit-db.com/exploits/40930/

isolovey commented 7 years ago

Two more vulnerabilities:

Both of these affect 2.1.0. Based on the commits since then, it doesn't look like these problems have been addressed, though I could be mistaken.

isolovey commented 7 years ago

These issues are all with the DICOM listener and the Web server. Disabling the services (Preferences > Sharing > Listener and Preferences > Sharing > Web Server) until further notice seems prudent.

AndreFrelicot commented 7 years ago

Cannot reproduce the first vulnerability (URL traversal) http://127.0.0.1:3333/.../...//.../...//.../...//.../...//.../...//etc/passwd

Has anyone else tried? I get a 404 error; the file is not accessed, the URL is filtered out. I'll try the other vulnerabilities later.

Horos version : 2.1.1 OSX : 10.12.3

aglv commented 7 years ago

I was able to reproduce this.

AndreFrelicot commented 7 years ago

OK, thank you, now I can reproduce (the app needs to be in /Applications for this path). I'm checking how to solve the problem.
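For readers following the traversal discussion, here is the kind of containment check a web server needs before mapping a request path onto the filesystem. This is an added example written for this page, not Horos's code and not the fix the project eventually applied; the document root `/srv/horos-web` and the function names are placeholders. The point it demonstrates is ordering: percent-decode first, then resolve `.` and `..` lexically and refuse any path that climbs above the root, so that `%2e%2e` cannot slip past a filter that only looks for a literal `..`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 1024
#define MAX_SEGS (MAX_PATH_LEN / 2)

/* Hypothetical document root; the real Horos web root is not given on this page. */
#define DOCROOT "/srv/horos-web"

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst. Fails on a malformed escape, an encoded NUL
 * (which would silently truncate the path at open(2)) or overlong input. */
static int url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == '\0' || j + 1 >= dstlen) return -1;
        dst[j++] = (char)c;
    }
    dst[j] = '\0';
    return 0;
}

/* Lexically resolve "." and ".." and collapse repeated slashes. Any ".."
 * that would climb above the root is a traversal attempt and is rejected. */
static int canonicalize(const char *path, char *out, size_t outlen)
{
    const char *seg[MAX_SEGS];
    size_t len[MAX_SEGS], n = 0, j = 0;
    const char *p = path;

    if (*p != '/') return -1;                 /* request paths must be absolute */
    while (*p) {
        while (*p == '/') p++;
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t l = (size_t)(p - start);
        if (l == 1 && start[0] == '.') continue;
        if (l == 2 && start[0] == '.' && start[1] == '.') {
            if (n == 0) return -1;            /* escapes the root */
            n--;
            continue;
        }
        if (n == MAX_SEGS) return -1;
        seg[n] = start; len[n] = l; n++;
    }
    if (n == 0) {
        if (outlen < 2) return -1;
        strcpy(out, "/");
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (j + 1 + len[i] + 1 > outlen) return -1;
        out[j++] = '/';
        memcpy(out + j, seg[i], len[i]);
        j += len[i];
    }
    out[j] = '\0';
    return 0;
}

/* Decode first, then canonicalize. Returns 0 and the on-disk path in out,
 * or -1 if the request is refused. */
int resolve_request(const char *docroot, const char *request, char *out, size_t outlen)
{
    char decoded[MAX_PATH_LEN], canon[MAX_PATH_LEN];
    if (url_decode(request, decoded, sizeof decoded) != 0) return -1;
    if (canonicalize(decoded, canon, sizeof canon) != 0) return -1;
    if (snprintf(out, outlen, "%s%s", docroot, canon) >= (int)outlen) return -1;
    return 0;
}

/* Helpers for checks: does request map exactly to expected / is it refused? */
int resolves_to(const char *request, const char *expected)
{
    char out[MAX_PATH_LEN];
    return resolve_request(DOCROOT, request, out, sizeof out) == 0 && strcmp(out, expected) == 0;
}

int request_refused(const char *request)
{
    char out[MAX_PATH_LEN];
    return resolve_request(DOCROOT, request, out, sizeof out) != 0;
}

int main(void)
{
    const char *tests[] = { "/index.html", "/../../../etc/passwd",
                            "/%2e%2e/%2e%2e/etc/passwd", "/a/../b//./c" };
    char out[MAX_PATH_LEN];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-28s -> %s\n", tests[i],
               resolve_request(DOCROOT, tests[i], out, sizeof out) == 0 ? out : "REFUSED");
    return 0;
}
```

Segments such as `...` are ordinary names to this routine, so a lexical check alone says nothing about how a particular filesystem or server layer treats them; as a second line of defence, after opening the file, compare `realpath(3)` of the opened path against `realpath(3)` of the document root and close it if the prefix does not match.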

AndreFrelicot commented 7 years ago

Remote Memory Overflow: this security issue has been addressed in DCMTK 3.6.0; Horos uses version 3.5.3, so an upgrade or patch is needed. I'm too new to the project to make a change; I'll study the impact.

A vulnerability has been discovered in the association negotiation code that can be abused to cause a buffer overflow. This may cause the application to crash or possibly to execute malicious code provided by the caller. The issue, which is located in dcmnet/libsrc/dulparse.cc, has been fixed by commit 1b6bb76 on Dec 14, 2015. Users who want to fix this vulnerability while continuing to use DCMTK 3.6.0 are advised to back-port this commit to their DCMTK 3.6.0 source tree, which is straightforward. Also see the latest snapshot, where this issue is already solved.

http://support.dcmtk.org/redmine/projects/dcmtk/wiki/Issues
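The DCMTK note above describes a bug class rather than a specific line, so here is an added illustration of it written for this page: it is not dcmnet/dulparse.cc, and it does not reproduce the actual patched code. DICOM upper-layer items (PS3.8) carry a 4-byte header of item type, a reserved byte and a 2-byte big-endian item length, followed by that many bytes of value; during association negotiation the peer controls that length. The unchecked parser copies on the peer's word, the checked one validates the length against both the bytes actually present and the destination capacity before copying. The function names and the sample items are constructed; the two UIDs used are the standard DICOM Application Context Name and the Verification SOP Class.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ITEM_HDR 4   /* type(1) reserved(1) length(2, big-endian) */

typedef struct {
    uint8_t type;
    char    name[65];   /* a DICOM UID is at most 64 characters, plus NUL */
} item_t;

/* BEFORE (illustrative, not DCMTK's code): the peer-supplied length is used
 * as-is for both the copy size and the NUL position. A length larger than the
 * remaining PDU over-reads buf; a length larger than name[] overwrites whatever
 * follows the struct. Shown for contrast only; never call this on untrusted input. */
int parse_item_unchecked(const uint8_t *buf, size_t buflen, item_t *out)
{
    if (buflen < ITEM_HDR) return -1;
    uint16_t len = (uint16_t)((buf[2] << 8) | buf[3]);
    out->type = buf[0];
    memcpy(out->name, buf + ITEM_HDR, len);
    out->name[len] = '\0';
    return 0;
}

/* AFTER: the length is checked against the bytes present and the destination
 * capacity before anything is copied; consumed tells the caller where the
 * next item starts. */
int parse_item_checked(const uint8_t *buf, size_t buflen, item_t *out, size_t *consumed)
{
    if (buflen < ITEM_HDR) return -1;                 /* truncated header */
    size_t len = ((size_t)buf[2] << 8) | buf[3];
    if (len > buflen - ITEM_HDR) return -1;           /* value runs past the PDU */
    if (len >= sizeof out->name) return -1;           /* would not fit, incl. NUL */
    out->type = buf[0];
    memcpy(out->name, buf + ITEM_HDR, len);
    out->name[len] = '\0';
    *consumed = ITEM_HDR + len;
    return 0;
}

/* Walk consecutive items with the checked parser: item count, or -1 at the
 * first malformed item. */
int count_items(const uint8_t *buf, size_t buflen)
{
    int n = 0;
    for (size_t off = 0; off < buflen; n++) {
        item_t it; size_t used;
        if (parse_item_checked(buf + off, buflen - off, &it, &used) != 0) return -1;
        off += used;
    }
    return n;
}

/* Test-vector builder (constructed data, not captured traffic). declared_len
 * goes into the header independently of the bytes really appended, so a lying
 * length field can be produced. Returns bytes written, 0 if there is no room. */
static size_t put_item(uint8_t *dst, size_t cap, uint8_t type, uint16_t declared_len,
                       const void *value, size_t value_len)
{
    if (cap < ITEM_HDR + value_len) return 0;
    dst[0] = type; dst[1] = 0;
    dst[2] = (uint8_t)(declared_len >> 8); dst[3] = (uint8_t)declared_len;
    memcpy(dst + ITEM_HDR, value, value_len);
    return ITEM_HDR + value_len;
}

/* Application Context (0x10) and Abstract Syntax (0x30) items, well formed. */
int scenario_wellformed(void)
{
    const char *ctx = "1.2.840.10008.3.1.1.1";   /* DICOM Application Context Name */
    const char *sop = "1.2.840.10008.1.1";       /* Verification SOP Class */
    uint8_t pdu[128]; size_t off = 0;
    off += put_item(pdu + off, sizeof pdu - off, 0x10, (uint16_t)strlen(ctx), ctx, strlen(ctx));
    off += put_item(pdu + off, sizeof pdu - off, 0x30, (uint16_t)strlen(sop), sop, strlen(sop));
    return count_items(pdu, off);
}

/* Header claims 0xFFFF bytes of value, but only 3 follow. */
int scenario_length_past_end(void)
{
    uint8_t pdu[32];
    size_t off = put_item(pdu, sizeof pdu, 0x10, 0xFFFF, "abc", 3);
    return count_items(pdu, off);
}

/* Length is consistent with the PDU but exceeds the 64-character name field. */
int scenario_value_too_long(void)
{
    uint8_t value[100], pdu[128];
    memset(value, 'A', sizeof value);
    size_t off = put_item(pdu, sizeof pdu, 0x30, (uint16_t)sizeof value, value, sizeof value);
    return count_items(pdu, off);
}

int main(void)
{
    printf("well formed: %d items\n", scenario_wellformed());
    printf("length past end: %d\n", scenario_length_past_end());
    printf("value too long: %d\n", scenario_value_too_long());
    return 0;
}
```

Both rejections matter on a listener exposed to the network: the first stops an over-read of the receive buffer, the second stops the write past the fixed-size field that the DCMTK note describes as a crash or possible code execution. The same two comparisons apply to every length-prefixed field in the PDU, not only the UID-carrying items shown here.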