CVE-2019-19785
📋 TL;DR
CVE-2019-19785 is a stack-based buffer overflow vulnerability in ATasm 1.06's to_comma() function in asm.c that can be triggered by processing a malicious .m65 file. This vulnerability allows attackers to execute arbitrary code or cause denial of service. Users of ATasm 1.06 who process untrusted .m65 files are affected.
💻 Affected Systems
- ATasm
📦 What is this software?
Atasm by Atasm Project
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the ATasm process, potentially leading to full system compromise.
Likely Case
Application crash (denial of service) when processing malicious files.
If Mitigated
Limited impact if ATasm runs with minimal privileges and processes only trusted files.
🎯 Exploit Status
Exploitation requires the victim to process a specially crafted .m65 file. The bug report includes details that could be used to create exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.07 or later
Vendor Advisory: https://sourceforge.net/p/atasm/bugs/8/
Restart Required: No
Instructions:
1. Download ATasm 1.07 or later from the official source.
2. Replace the vulnerable version with the updated version.
3. No restart required as ATasm is a command-line tool.
🔧 Temporary Workarounds
Avoid processing untrusted .m65 files
All platforms: Only process .m65 files from trusted sources to prevent exploitation.
Run ATasm with reduced privileges
Linux: Execute ATasm with minimal user privileges to limit potential damage from exploitation.
sudo -u lowprivilegeuser atasm [options]
🧯 If You Can't Patch
- Implement strict file validation: only allow .m65 files from verified, trusted sources.
- Run ATasm in a sandboxed environment or container to limit the impact of potential exploitation.
🔍 How to Verify
Check if Vulnerable:
Check ATasm version: 'atasm --version' or examine the binary. If version is 1.06, the system is vulnerable.
Check Version:
atasm --version
Verify Fix Applied:
After updating, run 'atasm --version' to confirm version is 1.07 or later.
📡 Detection & Monitoring
Log Indicators:
- ATasm process crashes with segmentation faults when processing .m65 files
- Unexpected child processes spawned from ATasm
Network Indicators:
- Not applicable - this is a local file processing vulnerability
SIEM Query:
(Process:atasm AND (EventID:1000 OR Signal:SIGSEGV)) OR (Process:atasm AND ChildProcess:*)
🔗 References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUABDG4CEAY2FVPM3CFFCZMOKSTEKGXX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O6XQMOLMWHUDBN3PQJYGVULLNUBMGGJH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJYUV3PKSIGBZGJ6PXAGTT2LW6HLPMS/
- https://sourceforge.net/p/atasm/bugs/8/