Linux XFBurn Stack-based Buffer Overflow

2017.03.24
Credit: Hosein Askari
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-121

################ #Exploit Title: Linux XFBurn Stack-based Buffer Overflow #Type: CWE-121 #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage: http://goodies.xfce.org/projects/applications/xfburn #Version : 0.5.4 #Tested on: Ubuntu 17.04 #Date: 24-03-2017 #Category: Application #Author Mail : hosein.askari@aol.com #Description: This application isn't checking the return value of fopen() before using it. fopen() is failing here, returning NULL, and then NULL is passed as the stream to fprintf() #resulting Segmentation Fault. ################# The kernel output | dmesg : [ 2963.870884] xfburn[3739]: segfault at 0 ip 00007f1c9255f6f8 sp 00007ffd53ac2e70 error 4 in libc-2.23.so[7f1c924f1000+1bf000] ################# The GDB output: Thread 1 "xfburn" received signal SIGSEGV, Segmentation fault. __GI__IO_fwrite (buf=0x555555584510, size=1, count=40, fp=0x0) at iofwrite.c:37 #################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top