Security Advisories

Buffer overflow in Windows filesystem driver (KB003)

Publication Date

2018 Dec 25

Description

On Windows, the Keybase filesystem optionally mounts via drivers provided by the Dokan project. A stack-based buffer overflow in the Dokan driver was discovered by Parvez Anwar (@parvezghh) and reported by the CERT Coordination Center as CVE-2018-5410. Dokan was not checking the length of the path argument during mount.

The Fix

The immediate fix was a change to "Fix Buffer Overflow by adding mount length path check". After Dokan released a version containing this fix, Keybase added the upgraded package version 1.2.1.2000, added a check to not mount to older drivers, and included these in a hotfix update, version 2.12.3-20181221135356+d161abd500.
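
As an added illustration (not Dokan's or Keybase's code), the kind of mount path length check the fix describes looks like this: a counted path is validated before it is copied into a fixed-size stack buffer. The structure, the function name, the UTF-16 representation and the 260-unit capacity are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical capacity, in UTF-16 code units, of the fixed stack buffer. */
#define MOUNT_PATH_UNITS 260

/* Hypothetical mount request: counted, not NUL-terminated, caller-controlled. */
struct mount_request {
    const uint16_t *path;   /* UTF-16 code units supplied by the caller */
    size_t path_bytes;      /* length in bytes, as claimed by the caller */
};

enum mount_status { MOUNT_OK = 0, MOUNT_BAD_ARG = -1, MOUNT_PATH_TOO_LONG = -2 };

/* Copies the path into out[MOUNT_PATH_UNITS] only after validating its length.
 * Without the three checks below, the memcpy would trust path_bytes as given. */
enum mount_status copy_mount_path(const struct mount_request *req,
                                  uint16_t out[MOUNT_PATH_UNITS])
{
    if (req == NULL || out == NULL || req->path == NULL)
        return MOUNT_BAD_ARG;
    /* An empty or odd byte count cannot be a whole number of UTF-16 units. */
    if (req->path_bytes == 0 || req->path_bytes % sizeof(uint16_t) != 0)
        return MOUNT_BAD_ARG;
    /* Compare in bytes, and reserve one unit for the terminator. */
    if (req->path_bytes > (MOUNT_PATH_UNITS - 1) * sizeof(uint16_t))
        return MOUNT_PATH_TOO_LONG;

    memcpy(out, req->path, req->path_bytes);
    out[req->path_bytes / sizeof(uint16_t)] = 0;
    return MOUNT_OK;
}

/* Stand-alone demo with constructed inputs; exits 0 when both cases behave. */
int main(void)
{
    static uint16_t big[MOUNT_PATH_UNITS + 64];
    uint16_t dest[MOUNT_PATH_UNITS];
    for (size_t i = 0; i < MOUNT_PATH_UNITS + 64; i++)
        big[i] = 'A';
    struct mount_request ok = { big, 8 * sizeof(uint16_t) };
    struct mount_request too_long = { big, sizeof(big) };
    return !(copy_mount_path(&ok, dest) == MOUNT_OK &&
             copy_mount_path(&too_long, dest) == MOUNT_PATH_TOO_LONG);
}
```

The comparison is done in bytes against a limit that leaves room for the terminator, so a path of exactly 259 units is accepted and one of 260 is rejected.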

Affected Versions

Keybase versions released prior to December 21, 2018 (commit 0752668), and prior to 2.12.3-20181221135356.

Remediation

Upgrade to 2.12.3-20181221135356 or above, then follow the prompts to uninstall Dokan and install the newest version. Alternatively, install Dokan 1.2.1.2000 directly.

Timeline

  • 2018 December 11 — Dokan notifies Keybase of buffer overflow and upcoming release
  • 2018 December 20 — Dokan announces release 1.2.1.1000 ahead of publication by CERT
  • 2018 December 21 — New Keybase Windows release (2.12.3-20181221135356)
  • 2018 Dec 25 — This announcement