- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23427
- Проверка EDB
-
- Пройдено
- Автор
- COOLKAVEH
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- null
- Дата публикации
- 2012-12-16
Код:
Title : Totem movie player(Ubuntu)stack corruption
Version : 3.4.3 GStreamer 0.10.36
Date : 2012-12-15
Vendor : http://projects.gnome.org/totem/index.html
Impact : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
tested : Ubuntu 12.10 desktop 32 bit
Author : coolkaveh
################################################################################################
Totem is the official movie player of the GNOME desktop environment based on
GStreamer and its ubuntu default movie player
###############################################################################################
Bug :
----
The vulnerability cause a stack corruption (division by zero) via a specially crafted Avi files
That will trigger a denial of service condition
----
###############################################################################################
Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0xafe89b40 (LWP 21171)]
0xaf625080 in gst_riff_create_audio_caps () from /usr/lib/i386-linux-gnu/libgstriff-0.10.so.0
process 21159
0xaf62507b <+1883>: mov edx,eax
0xaf62507d <+1885>: sar edx,0x1f
=> 0xaf625080 <+1888>: idiv edi
0xaf625082 <+1890>: mov esi,eax
0xaf625084 <+1892>: movzx eax,WORD PTR [ecx+0xe]
0xaf625088 <+1896>: cmp ax,0x20
eax 0x20 32
ecx 0x805cbf80 -2141405312
edx 0x0 0
ebx 0xaf62cff4 -1352478732
esp 0xafe88de0 0xafe88de0
ebp 0xafe88f1c 0xafe88f1c
esi 0x805832c0 -2141703488
edi 0x0 0
eip 0xaf625080 0xaf625080 <gst_riff_create_audio_caps+1888>
eflags 0x210246 [ PF ZF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
si_addr:$2 = (void *) 0xaf625080 <gst_riff_create_audio_caps+1888>
#0 0xaf625080 in gst_riff_create_audio_caps () from /usr/lib/i386-linux-gnu/libgstriff-0.10.so.0
##################################################################################################
Proof of concept included.
http://www41.zippyshare.com/v/13083235/file.html
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23427.rar
- Источник
- www.exploit-db.com