Open FKStein opened 7 years ago
Two more vulnerabilities:
Both of these are affecting 2.1.0. Based on commits since then, it doesn't look like these problems have been addressed, though I could be mistaken.
These issues are all with Dicom listener and the Web server. Disabling the services (Preferences>Sharing>Listener and Preferences>Sharing>Web Server) until further notice seems prudent.
Cannot reproduce the first vulnerability (URL traversal): http://127.0.0.1:3333/.../...//.../...//.../...//.../...//.../...//etc/passwd
Has anyone else tried? I get a 404 error, the file is not accessed, the URL is filtered out. I'll try the other vulnerabilities later.
Horos version: 2.1.1, OSX: 10.12.3
I was able to reproduce this.
OK thank you, now I can reproduce (the app needs to be in /Applications) for this path. I'm checking how to solve the problem.
Remote Memory Overflow: This security issue has been addressed in dcmtk 3.6.0, Horos uses version 3.5.3, an upgrade or patch is needed. I'm too new to the project to make a change, I'll study the impact.
A vulnerability has been discovered in the association negotiation code that can be abused to cause a buffer overflow. This may cause the application to crash or to possibly execute malicious code provided by the caller. The issue, which is located in dcmnet/libsrc/dulparse.cc, has been fixed by commit 1b6bb76 on Dec 14, 2015. Users who want to fix this vulnerability while continuing to use DCMTK 3.6.0 are advised to back-port this commit to their DCMTK 3.6.0 source tree, which is straightforward. Also see latest snapshot where this issue is already solved.
If you use Horos on the Internet, you need to be aware of a major security issue:
https://www.exploit-db.com/exploits/40930/
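For the URL traversal discussed earlier in this thread, a containment check that resolves the final path before serving it, as an added example (not Horos code and not from any commenter). The thread does not show how the Horos web server filters request paths, so `single_pass_filter` is a hypothetical stand-in for a weak filter, and the web root is a constructed temporary directory.

```python
import os
import tempfile
from urllib.parse import unquote

# Request path from the report in this thread (host and port dropped).
REPORTED_PATH = "/" + ".../...//" * 5 + "etc/passwd"


def single_pass_filter(url_path):
    """Hypothetical weak filter (assumption, not Horos code): delete '../' once."""
    return url_path.replace("../", "")


def resolve_under_root(web_root, url_path):
    """Return the real file path to serve, or None if it leaves web_root."""
    decoded = unquote(url_path)  # skip if the framework already decoded it
    if "\x00" in decoded:
        return None
    root = os.path.realpath(web_root)
    # Join as a relative path, then resolve '..' and symlinks before checking.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    with tempfile.TemporaryDirectory() as web_root:  # constructed web root
        with open(os.path.join(web_root, "index.html"), "w") as fh:
            fh.write("ok")
        filtered = single_pass_filter(REPORTED_PATH)
        return {
            # What the weak filter leaves behind after one pass.
            "filtered": filtered,
            # Unfiltered, '...' is only an odd directory name under the root.
            "raw_stays_inside": resolve_under_root(web_root, REPORTED_PATH) is not None,
            "served_index": resolve_under_root(web_root, "/index.html") is not None,
            "blocked_filtered": resolve_under_root(web_root, filtered) is None,
            "blocked_encoded": resolve_under_root(web_root, "/%2e%2e/%2e%2e/etc/passwd") is None,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The check belongs after every rewrite of the path (decoding, filtering, joining), immediately before the file is opened, so that it sees the same path the file system will.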