
Links 2.0 vulnerability (suitable for beginners)

2006-10-29 00:00:00
Anonymous
www.myhack58.com

Note: this article was first published on www.cciss.cn and was kindly submitted by the original author to the Evil Octal information security team.

Links 2.0: Use of libpng Brings On a Buffer Overflow

|=---------------=[ Links 2.0 found a Vulnerability ]--------------=|
|=-----------------------------------------------------------------=|
|=---------------=[ 7all <cis7all_at_msn.cn> ]=--------------------=|
|=-----------------------------------------------------------------=|
|=---------------=[ Copyright: www.cciss.cn ]=---------------------=|

--] Intro
Links 2.0 uses the libpng library, which contains a vulnerability that results in a buffer overflow.

--] Links official home page
http://links.twibright.com/
http://tech.groups.yahoo.com/group/links-browser/

--] Links download
http://links.twibright.com/download/lin … e23.tar.gz

--] Description
Links is a web browser for Unix/Linux. It uses the ncurses library to support
text-mode web browsing. The browser's features are passable, and it is a good
choice when working in a BSD shell. It can also download a specified file, in
the same way as wget.

--] Vulnerability description
Yesterday I found this vulnerability while analyzing PNG images. A series of
libpng vulnerabilities was published in 2004, but I did not pay attention at
the time. The vulnerability exists in libpng versions <= 1.2.10, and versions
<= 1.2.10 also contain some other vulnerabilities.
I debugged the vulnerability with Links 2.0 on FreeBSD 4.7. Because I have had
no time to test the latest Links version, I hope interested friends can debug
it themselves.
Because this vulnerability is so simple, I originally had no intention of
publishing it. Today I thought it might help friends who want to learn about
overflows and vulnerability discovery, so I have packaged the .core file and
provided it for download and testing. I hope it is of some help.
When I discovered the vulnerability yesterday I was really rather excited,
because a lot of software uses libpng. After a few tens of minutes of debugging
to confirm the vulnerability, I went to Google to check whether it had already
been published. Sadly, these libpng vulnerabilities had in fact already been
published in 2004, which shows how important it is to read published
vulnerability information every day :)

--] Debug
Note: load the links ELF binary together with the links.core file in gdb to debug.
You can also set a breakpoint in gdb and then browse to the png file to trigger
the vulnerability, which allows dynamic tracing.
The links.core file can be downloaded from the download area of this page.

# gdb /usr/local/bin/links links.core
# enter the gdb application

gdb prints some debug messages.

bt
#0 0x8066af9 in png_read_end()
#1 0x3177 in ?? ()
#2 0x80af95b in png_read_end()
#3 0x80af548 in png_read_end()
#4 0x80add3e in png_read_end()

#14 0x804b8e5 in png_read_end()

/*
use x/20x $esp and x/20x $esp to look at the stack information
use i reg or i reg $register to look at the register information
*/
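
An added example, not part of the original advisory: a small Python triage pass over the `bt` output shown above. It flags the two things to notice before trusting that trace, the unresolved frame #1 at 0x3177 and the fact that every other frame is attributed to png_read_end across a wide address range. TEXT_BASE and MAX_FUNC_SPAN are assumptions chosen for this illustration, and the span check is a heuristic.

```python
import re

# Backtrace copied from the advisory; frames #5-#13 are not shown there.
SAMPLE_BT = """\
#0 0x8066af9 in png_read_end()
#1 0x3177 in ?? ()
#2 0x80af95b in png_read_end()
#3 0x80af548 in png_read_end()
#4 0x80add3e in png_read_end()
#14 0x804b8e5 in png_read_end()
"""

# Assumptions made for this example, not values from the advisory:
TEXT_BASE = 0x08048000   # conventional load address of a non-PIE i386 ELF
MAX_FUNC_SPAN = 0x10000  # heuristic upper bound on the size of one function
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+) in (\S+?)\s*\(")


def parse_frames(bt_text):
    """Return [(frame_no, pc, symbol)] for every frame line of gdb `bt` output."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return frames


def triage(bt_text):
    """Return findings that point to a corrupted stack or unreliable symbols."""
    findings = []
    pcs_by_symbol = {}
    for no, pc, sym in parse_frames(bt_text):
        if sym == "??":
            findings.append(f"frame #{no}: unresolved symbol at {pc:#x}")
        else:
            pcs_by_symbol.setdefault(sym, []).append(pc)
        if pc < TEXT_BASE:
            # A saved return address outside the mapped code was overwritten.
            findings.append(f"frame #{no}: pc {pc:#x} is below the text base")
    for sym, pcs in pcs_by_symbol.items():
        span = max(pcs) - min(pcs)
        if span > MAX_FUNC_SPAN:
            findings.append(f"{sym}: frames span {span:#x} bytes; "
                            "names are likely nearest-symbol guesses")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_BT)))
```

When the span finding fires, the function names in the trace should not be read as the location of the fault; rebuilding the browser and libpng with debug symbols gives a trace that can be trusted.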

---------------------English version-----------------------

/*
My English is very poor, but I hope cciss (cis) can be
seasoned with internationalization.
These days I have been studying English very hard, yet I'm old :)))
*/

==www.cciss.cn==
==bbs.cciss.cn==

Links 2.0: Use of libpng Brings On a Buffer Overflow

|=---------------=[ Links 2.0 found a Vulnerability ]--------------=|
|=-----------------------------------------------------------------=|
|=---------------=[ 7all <cis7all_at_msn.cn> ]=--------------------=|
|=-----------------------------------------------------------------=|
|=---------------=[ Copyright: www.cciss.cn ]=---------------------=|

--] Intro
Links 2.0 libpng buffer overflow.

--] Links HomePage
http://links.twibright.com/
http://tech.groups.yahoo.com/group/links-browser/

--] Links Download
http://links.twibright.com/download/lin … e23.tar.gz

--] Description
Lynx-like text and graphics WWW browser. Links is a text-mode WWW
browser with an ncurses interface, supporting colors, correct table
rendering, background downloading, a menu-driven configuration interface
and slim code.

--] Vulnerable
Yesterday I found this vulnerability while analyzing PNG images.
This vulnerability is caused by libpng. libpng <= 1.2.10 has this
vulnerability and some other vulnerabilities.
I found this vulnerability in Links 2.0 (FreeBSD 4.7). I have had no time
to dig into the newest Links version; if you are interested in this
vulnerability, you can dig into the newest version.
I didn't want to release this vulnerability, because it is very
simple :) but I think this could help someone.

--] Debug
Note: use gdb and the links.core file. You can download the links.core
file from the download area of this webpage :-)

# gdb /usr/local/bin/links links.core
# enter the gdb application

gdb prints some debug messages.

bt
#0 0x8066af9 in png_read_end()
#1 0x3177 in ?? ()
#2 0x80af95b in png_read_end()
#3 0x80af548 in png_read_end()
#4 0x80add3e in png_read_end()

#14 0x804b8e5 in png_read_end()

/*
use x/20x $esp and x/20x $esp to look at the stack information
use i reg or i reg $register to look at the register information
*/

Download address:
http://www.cciss.cn/uploadFiles/linksbug.rar