Breakpoint Security: Encase Pre-Advisory
Breakpoint Security Advisory
Affected Vendor:
Guidance Software
Affected Products:
Encase 5.0 and possibly other versions
Background:
With Encase's recent response to iSec's security report and their
ability to market their product while at the same time minimizing their
product's issues, Breakpoint Security decided to advise Encase to take their
software's assurance a bit more seriously. In the course of 6 hours, researchers
from Breakpoint Security conducted not-so-intensive tests of about 10 scenarios
utilizing specialized proprietary software like dd, xxd and ultraedit.
As a result of this testing regimen, Breakpoint Security was able to
identify multiple bugs in Encase. All the testing done OBVIOUSLY involved
intentionally corrupted files. We contend that software
written for forensic purposes must not fall victim to possibly infected images.
While this problem may simply postpone an investigation, other more critical
issues could result in more intrusive actions.
Vulnerability Details:
Vulnerability details will be disclosed at a later date. The vulnerability
resides in Encase's file system parsing. A malicious user can force Encase
into an infinite recursion loop, exhausting the stack.
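
The advisory withholds the specifics, so the following is an added illustration of the bug class only, not code from Breakpoint Security or from Encase. It walks a constructed toy directory table (the record layout, limits and error codes are all assumptions) and shows the checks that keep a self-referencing record in a corrupted image from driving a recursive parser into stack exhaustion.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed toy format (an assumption, not Encase's or any real file
 * system's): the image is a table of 8-byte records. Byte 0 is the type
 * (0 = file, 1 = directory), byte 1 the child count (0..6), bytes 2..7
 * the record indices of the children. Record 0 is the root directory. */
enum { REC_SIZE = 8, MAX_CHILDREN = 6, MAX_RECORDS = 256, MAX_DEPTH = 64 };
enum { ERR_TRUNCATED = -1, ERR_BAD_INDEX = -2, ERR_CYCLE = -3, ERR_TOO_DEEP = -4 };

/* A naive walker would simply recurse into every child index it reads.
 * If a corrupted record lists one of its own ancestors as a child, that
 * recursion never terminates and the stack is exhausted. */
static int walk(const uint8_t *img, size_t nrec, unsigned idx,
                unsigned depth, uint8_t *seen)
{
    if (depth > MAX_DEPTH) return ERR_TOO_DEEP;   /* bound stack use */
    if (idx >= nrec) return ERR_BAD_INDEX;        /* index from the image is untrusted */
    if (seen[idx]) return ERR_CYCLE;              /* each record may be reached once */
    seen[idx] = 1;

    const uint8_t *rec = img + (size_t)idx * REC_SIZE;
    int total = 1;
    if (rec[0] != 1) return total;                /* file: nothing to descend into */
    if (rec[1] > MAX_CHILDREN) return ERR_BAD_INDEX;
    for (unsigned i = 0; i < rec[1]; i++) {
        int n = walk(img, nrec, rec[2 + i], depth + 1, seen);
        if (n < 0) return n;                      /* propagate the first error */
        total += n;
    }
    return total;
}

/* Returns the number of records reachable from the root, or a negative ERR_* code. */
int count_entries(const uint8_t *img, size_t len)
{
    uint8_t seen[MAX_RECORDS] = {0};
    size_t nrec = len / REC_SIZE;
    if (len == 0 || len % REC_SIZE != 0 || nrec > MAX_RECORDS) return ERR_TRUNCATED;
    return walk(img, nrec, 0, 0, seen);
}

/* Constructed samples: a well-formed tree, and one where record 2 lists the root as its child. */
const uint8_t GOOD_IMG[] = { 1,2,1,2,0,0,0,0,  0,0,0,0,0,0,0,0,  1,1,3,0,0,0,0,0,  0,0,0,0,0,0,0,0 };
const uint8_t LOOP_IMG[] = { 1,2,1,2,0,0,0,0,  0,0,0,0,0,0,0,0,  1,1,0,0,0,0,0,0,  0,0,0,0,0,0,0,0 };
```

The walker reports the looping image as an error instead of recursing into it, so a tool built this way can flag the evidence file as malformed and continue.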
Credit:
Breakpoint Security Research Team http://www.breakpointsecurity.net/