Vulnerabilities > CVE-2020-8896 - Classic Buffer Overflow vulnerability in Google Earth

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

google

CWE-120

nessus

NVD

Published: 2020-05-04

Updated: 2020-05-08

Summary

A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Earth 5.0 Google Earth 5.0.1 Google Earth 5.1 Google Earth 6.0.2 Google Earth 6.1 Google Earth 6.2 Google Earth 7.0 Google Earth 7.0.2 Google Earth 7.0.3.8542 Google Earth 7.1.1.1580 Google Earth 7.1.1.1871 Google Earth 7.1.1.1888 Google Earth 7.1.2.2041 Google Earth 7.1.4.1529 Google Earth 7.1.5.1557 Google Earth 7.1.7.2600 Google Earth 7.1.7.2602 Google Earth 7.1.7.2606 Google Earth 7.1.8.3036 Google Earth 7.3.0 Google Earth 7.3.1 Google Earth 7.3.2	22

Common Weakness Enumeration (CWE)

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Windows
NASL id	GOOGLE_EARTH_CVE-2020-8895.NASL
description	The version of Google Earth Pro installed on the remote host is prior to 7.3.3. It is, therefore, affected by the following vulnerabilities : - A DLL hijacking vulnerability exists in the Windows installer due to the use of an untrusted search path. An unauthenticated, local attacker can exploit this, via inserting a malicious file, to bypass authentication and execute arbitrary code. (CVE-2020-8895) - A buffer overflow condition exists in khcrypt implementation. An unauthenticated, adjacent attacker can exploit this, via a specially crafted key, to execute a MitM attack. (CVE-2020-8896) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-06
modified	2020-05-01
plugin id	136192
published	2020-05-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136192
title	Google Earth Pro < 7.3.3 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(136192); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id("CVE-2020-8895", "CVE-2020-8896"); script_xref(name:"IAVA", value:"2020-A-0179"); script_name(english:"Google Earth Pro < 7.3.3 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The Google Earth Pro installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Earth Pro installed on the remote host is prior to 7.3.3. It is, therefore, affected by the following vulnerabilities : - A DLL hijacking vulnerability exists in the Windows installer due to the use of an untrusted search path. An unauthenticated, local attacker can exploit this, via inserting a malicious file, to bypass authentication and execute arbitrary code. (CVE-2020-8895) - A buffer overflow condition exists in khcrypt implementation. An unauthenticated, adjacent attacker can exploit this, via a specially crafted key, to execute a MitM attack. (CVE-2020-8896) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://support.google.com/earth/answer/40901"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Earth Pro version 7.3.3 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8895"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:earth"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_earth_detect_win.nbin"); script_require_keys("installed_sw/Google Earth Pro"); exit(0); } include('vcf.inc'); app_info = vcf::get_app_info(app:'Google Earth Pro'); constraints = [ { 'fixed_version' : '7.3.3' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

References

https://support.google.com/earth/answer/40901