CIRCLean - security advisory 01 - polyglot file vulnerability - CVE-2015-4096

CIRCLean - security advisory 01 - polyglot file vulnerability - CVE-2015-4096

Back to CIRCLean - USB key sanitizer

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is FIRST member

Polyglot file vulnerability

CIRCLean (up to version 1.2) analysis can be bypassed by using polygot files. An attacker could create a file with fake headers and add the malicious content later on. As the test was only performed using the file magic, the attacker could pass the file to the destination USB key.

Version vulnerable

CIRCLean version up to 1.2 are affected by this vulnerability.

Fixes

CIRCLean version starting from 1.3 includes a fix and an improved mechanism for detecting polygot files.

CVE

CVE-2015-4096

Acknowledgement

CIRCL would like to thank the reporters (Jann Horn, seclab-solutions).