Weeks after the much-hyped Ghidra was unveiled at the RSA Conference, the security tool is in the limelight again, this time because of the first vulnerability disclosed in it.
A security researcher who goes by the name sghctoma discovered a serious flaw in the open-source reverse engineering tool and detailed the steps for exploiting it in a post on GitHub.
What is the bug?
How to recreate the bug behavior?
Sghctoma explains how this bug can be triggered in Ghidra. The method is described below.
“Steps to reproduce the behavior:
The same concept works with archived projects (.gar files) too.”
Meanwhile, a separate analysis by Tencent Security revealed more details on the bug. “Based on our prior research on XXE vulnerability exploitation, we found that attackers can abuse Java features and weaknesses in NTLM protocol in the Windows operating system to achieve remote code execution,” the Tencent researchers wrote.
Bug addressed in next version
As of the latest update, this bug has been addressed in Ghidra 9.0.1, the tool's latest version.