There have been various recent(-ish) vulnerabilities found in the BOINC
software for desktop grid computing. The major projects have (hopefully)
fixed all of these by now, and the clients should only be vulnerable if
they're connected to a hostile server.
The commit ids below are all from the boinc-v2 repository, see
http://boinc.berkeley.edu/trac/browser/boinc-v2 for a web view.
These are the ones I consider to be obviously important:
* CVE-2013-2298: various stack overflow vulnerabilities in the XML parser
used by both the client and server software. I think that any 7.x version
is vulnerable, but possibly not the 6.12 branch or earlier. No promises.
(Found/reported by me. I notified all public projects I could find who
were running obviously-vulnerable copies of the code, in early March.)
http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741
2fea03824925cbcb976f4191f4d8321e41a4d95b
* Stack overflow in the client code by providing multiple file_signature
elements. 6.10.58 and 6.12.34 are vulnerable. 7.x isn't.
(This was fixed back in 2011, possibly accidentally.)
9a4140ae30a72e5175f3f31646d91f2d58df7156
* SQL injections in the server-side scheduler code:
(Found/reported by me. I warned projects about this at the same time
as the the above notifications, hopefully they've mostly patched it..)
http://thread.gmane.org/gmane.comp.distributed.boinc.user/3776
3ced18ddaaea5e03d2cc70f8cce5ab214b4d5635
* SQL injections in the user-facing web scripts:
(These were possibly found by Michael Voß, see
http://www.mdr.de/mdr-info/hacker-boinc100.html )
http://thread.gmane.org/gmane.comp.distributed.boinc.user/3658
e8d6c33fe158129a5616e18eb84a7a9d44aca15f
6e205de096da83b12ffb2f0183b43e51261eb0c4
ce3110489bc139b8218252ba1cb0862d69f72ae3
And some issues I'm not sure are quite so important:
* Stack overflows in the trickle code on server and client side:
(Fixed back in 2011, and these were only present in experimental 6.13.x
releases, as far as I know.)
5b04b249db166ec38c1ee99a9eadcaa300c0f454
ae04b50a71f3e96ee1bc59b76fca97cf0fe976f7
* From a few days ago, a possible format string issue(?) in the client
code:
(Noticed by Gianfranco Costamagna/Nicolás Alvarez judging by the thread)
http://thread.gmane.org/gmane.comp.distributed.boinc.devel/6416
99258dcecba8ef36e1ce0fd6e0dacffe53613ac9
* An SQL injection vulnerability in the locality code (apparently only
used by one known project), so I mention this just for completeness
just in case anyone happens to be using it:
2dbfdc55057b2c1f0508b56244044b1ad34e7cdb
- Alyssa Milburn
- amilburn@zall.org
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information