Security Updates
Buffer overflow in Windows filesystem driver (KB003)
Publication Date
2018 Dec 25
Externals Links
Description
On Windows, the Keybase filesystem optionally mounts via drivers provided by the Dokan project. A stack-based buffer overflow in the dokan driver has been discovered by Parvez Anwar (@parvezghh) and reported by CERT Coordination Center as CVE-2018-5410. Dokan was not checking the length of the path argument during mount.
The Fix
The immediate fix was a change to Fix Buffer Overflow by adding mount length path check. After Dokan released a version containing this fix, Keybase added the upgraded package version 1.2.1.2000 and added a check to not mount to older drivers , and included these in a hotfix update, version 2.12.3-20181221135356+d161abd500.
Affected Versions
Keybase versions release prior to December 21, 2018 (commit 0752668), and prior to 2.12.3-20181221135356.
Remediation
Upgrade to 2.12.3-20181221135356 or above, then follow the prompts to uninstall Dokan and install the newest version. Or, just install Dokan 1.2.1.2000.
Timeline
- 2018 December 11 — Dokan notifies Keybase of buffer overflow and upcoming release
- 2018 December 20 — Dokan announces release 1.2.1.1000 ahead of publication by CERT
- 2018 December 21 — New Keybase Windows release (2.12.3-20181221135356)
- 2018 Dec 25 — This announcement