Guidance EnCase Vul...
 
Notifications
Clear all

Guidance EnCase Vulnerabilities

2 Posts
2 Users
0 Likes
625 Views
(@c-r-s)
Posts: 170
Estimable Member
Topic starter
 

Vulnerability overview/description
———————————–
1) Denial of Service
Several manipulated hard disk images cause Encase Forensic Imager to crash. A suspect manipulating the hard drive could potentially hinder an investigator from using Encase Forensic Imager for creating hard disk images. Encase Forensic (v7) has been tested and found to be affected as well.

2) Heap-based buffer overflow
Using a manipulated ReiserFS image an attacker can overwrite heap memory on the investigator's machine. Because of several restrictions SEC Consult was unable to create an exploit that works reliably within a reasonable timeframe. However, as with most heap-based buffer overflow vulnerabilities it is possible that an attacker could gain arbitrary code execution nevertheless.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt

 
Posted : 07/12/2016 3:21 am
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

Very interesting! It's a shame they are not releasing the image files - it would be good to see how other products handle this.

 
Posted : 08/12/2016 2:18 pm
Share: