Jump to content
Not connected, Your IP: 34.204.0.181
Staff

Eddie Windows installer - Vulnerability disclosure - ​NSIS bug 1125

Recommended Posts

Hello!

 

Vulnerability affecting Eddie for Windows installing packages downloaded earlier than Tue May 15 12:51:22 UTC 2018 in already compromised systems.

 

Any other package type for Windows and any package type for any Operating System is not and has never been affected.

 

Eddie Windows NSIS installers have three vulnerabilities described in ​NSIS bug 1125. The most serious of these issues (#1) allows running unsolicited code and an escalation of privilege attack using DLL Search Order Hijacking (​CAPEC-471) as Eddie Windows installers are generally executed with Admin privileges. What NSIS/Windows does is actually prefer loading DLLs in the current directory, which in case of the Downloads folder is writable by the user. Thus the vulnerability is trivial to exploit, but only if the attacker has already managed to get a malicious DLL into user's Downloads folder

https://sourceforge.net/p/nsis/bugs/1125/

 

This issue was brought to our attention by Kushal Arvind Shah of Fortinet's FortiGuard Labs

on May 14, 2018 and fixed by us Tue May 15 12:51:22 UTC 2018 in any Eddie 2.13.* Windows installer releases and above. Download of older versions has been disabled.

 

Side note: any Eddie version older than 2.13.6 for any system has now been removed from the download list. Such versions are obsolete and the removal complies to security considerations as well as compatibility considerations with the developments of the respective Operating Systems.

Share this post


Link to post

Nicely done by the fortinet guys for identifying and reporting the issue and to the developers for fixing the issue. The good news is that it had to be a targetted attack for it to work which would be improbable to happen to 99.99999% of users.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...