<<< Date Index >>>     <<< Thread Index >>>

Breakpoint Security: Encase Pre-Advisory



Breakpoint Security Advisory

Affected Vendor:

Guidance Software

Affected Products:

Encase 5.0 and possibly other version

Background:

    With Encase's recent response to the iSec's security report and their 
ability to both market their product while at the same time minimizing their 
products issues, Breakpoint Security decided to advise Encase to take their 
software's assurance a bit more serious.  In the course of 6 hours researchers 
from Breakpoint Security conducted not so intensive tests of about 10 scenarios 
utilizing specialized proprietary software like dd, xxd and ultraedit. 
    As a result of this testing regimen, Breakpoint Security was able to 
identify multiple bugs in Encase.  All the testing done OBVIOUSLY involved 
intentionally corrupted files. We contend that any issues found in software 
written for forensic purposes must not fall victim to possibly infected images. 
 While this problem may simply postpone an investigation, other more critical 
issues could result in more intrusive actions.

 

Vulnerability Details:

Vulnerability details will be disclosed at a later date. The vulnerability 
resides in Encase's file system parsing. The malicious user can force encase 
into an infinite recursion loop, exhausting the stack.

 

Credit:

Breakpoint Security Research Team http://www.breakpointsecurity.net/