Linux XFBurn Buffer Overflow

XFBurn suffers from a stack-based buffer overflow vulnerability that escalate privileges.


MD5 | e1f9fa71f9b4e584ce68dede094d1004

################
#Exploit Title: Linux XFBurn Stack-based Buffer Overflow
#Type: CWE-121
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: http://goodies.xfce.org/projects/applications/xfburn
#Version : 0.5.4
#Tested on: Ubuntu 17.04
#Date: 24-03-2017
#Category: Application
#Author Mail : [email protected]
#Description: This application isn't checking the return value of fopen() before using it. fopen() is failing here, returning NULL, and then NULL is passed as the stream to fprintf() resulting #Segmentation Fault.
#################
The kernel output | dmesg :
[ 2963.870884] xfburn[3739]: segfault at 0 ip 00007f1c9255f6f8 sp 00007ffd53ac2e70 error 4 in libc-2.23.so[7f1c924f1000+1bf000]
#################
The GDB output:
Thread 1 "xfburn" received signal SIGSEGV, Segmentation fault.
__GI__IO_fwrite (buf=0x555555584510, size=1, count=40, fp=0x0) at iofwrite.c:37
#################






Best Regards
Hosein Askari
Contact : [email protected]



Related Posts