|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...
From: A. Alejandro Hernández (nitrous
conthackto.com.mx)
Date: Wed May 24 2006 - 00:30:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Affected product: tiffsplit (libtiff <= 3.8.2)
tiffsplit from libtiff (http://www.remotesensing.org/libtiff/)
is vulnerable to a bss-based and stack-based overflow, but, I just
wrote the concept c0de for stack-based b0f 'cause I don't know how
to take advantage of the overwritten bss data (after the overflow,
that data is overwritten again correctly by a program' function).
.bss section is in higher addresses than .dtors section, so, we
can't hijack .dtors to....
Whatever...
Bug discovered 10/05/06, lazyness... lazyness... PoC 13/05/06
...Violence against my laptop.... Published 23/05/06...
Tested & Worked on Musix Linux, Fedora Core 3 and Ubuntu Linux...
NOTE: my p0c is so lame (not reliable)...
PoC: http://www.genexx.org/nitrous/code/PoCs/tiffspl33t/tiffspl33t.tar.gz
nitr0us <nitrousenador[at]gmail[dot]com>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]