[Repost] htget Remotely Exploitable Buffer Overflow (ReadLine)
Source: [url]www.securiteam.com[/url]
Summary
"infamous41md" discovered a buffer overflow in htget, a file grabber that fetches files from HTTP servers. When htget is pointed at a malicious URL, the server it connects to can overflow a buffer and execute arbitrary code on the client. The exploit linked below can be used to test your htget for the mentioned vulnerability.
Credit:
The information has been provided by infamous41md.
Details
Vulnerable code:
The following code is vulnerable to a buffer overflow:
/* ReadLine loop as shipped: reads one byte at a time from the socket into
   ReceiveBuffer until a newline is seen (deliberately vulnerable, kept as is) */
rc = read(Socket, &ch, 1);
while (rc == 1)
{
    ReceiveBuffer[I] = ch;
    I++;
    if (ch == '\n')
    {
        break;
    }
    /* bound check assumes ReceiveBuffer is BIG_BUFFER_SIZE bytes long */
    if (I > (BIG_BUFFER_SIZE - 4))
    {
        break;
    }
    rc = read(Socket, &ch, 1);
}
Specifically, the check if (I > (BIG_BUFFER_SIZE - 4)) bounds I against BIG_BUFFER_SIZE (4096) rather than against the size of the buffer the bytes are actually stored in. At some call sites ReceiveBuffer is only MAXLENGTH (256) bytes, so a response line longer than that, which a malicious server controls completely, is written past the end of the buffer before the check ever fires.
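The following is an added example, not code from the advisory or from htget, that makes the size mismatch concrete and shows the fix. It replaces the socket with an in-memory byte stream (fake_socket, fake_read; an assumption so the program runs offline, matching htget's one-byte read(Socket, &ch, 1)), reproduces the original bound check in a version that only counts the bytes the original loop would store, and puts a hardened ReadLine beside it that is bounded by the real destination size. The input (a 300-byte line followed by "GET\n") is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BIG_BUFFER_SIZE 4096   /* size the original check assumes */
#define MAXLENGTH       256    /* size of some buffers actually passed in */

/* In-memory stand-in for the socket (assumption: byte-at-a-time reads
 * like htget's read(Socket, &ch, 1)). */
struct fake_socket { const unsigned char *data; size_t len; size_t pos; };

static int fake_read(struct fake_socket *s, unsigned char *ch) {
    if (s->pos >= s->len) return 0;           /* EOF */
    *ch = s->data[s->pos++];
    return 1;
}

/* Mirrors the original loop's bound check but only counts the bytes it
 * would store, so running it cannot corrupt memory. A count above the real
 * destination size is exactly the overflow the advisory describes. */
size_t vulnerable_readline_count(struct fake_socket *s) {
    unsigned char ch;
    size_t I = 0;
    int rc = fake_read(s, &ch);
    while (rc == 1) {
        I++;                                  /* original: ReceiveBuffer[I] = ch; I++; */
        if (ch == '\n') break;
        if (I > (BIG_BUFFER_SIZE - 4)) break; /* bounds against the wrong size */
        rc = fake_read(s, &ch);
    }
    return I;
}

/* Hardened ReadLine: the caller passes the destination's real size, the
 * result is always NUL-terminated, and an over-long line is drained up to
 * its newline and rejected (-1) rather than silently truncated. Returns the
 * number of bytes stored (newline included) on success. */
int safe_readline(struct fake_socket *s, char *dst, size_t dstlen) {
    unsigned char ch;
    size_t i = 0;
    int too_long = 0;
    if (dstlen == 0) return -1;
    while (fake_read(s, &ch) == 1) {
        if (i < dstlen - 1) dst[i++] = (char)ch;
        else too_long = 1;                    /* discard, but stay line-aligned */
        if (ch == '\n') break;
    }
    dst[i] = '\0';
    return too_long ? -1 : (int)i;
}

/* Constructed sample stream: n bytes of 'A', a newline, then "GET\n". */
static unsigned char *build_stream(size_t n, size_t *len) {
    unsigned char *buf = malloc(n + 1 + 4);
    if (buf == NULL) abort();
    memset(buf, 'A', n);
    buf[n] = '\n';
    memcpy(buf + n + 1, "GET\n", 4);
    *len = n + 1 + 4;
    return buf;
}

/* Bytes the original loop would write into ReceiveBuffer for the first line. */
size_t demo_vulnerable_count(size_t n) {
    size_t len;
    unsigned char *data = build_stream(n, &len);
    struct fake_socket s = { data, len, 0 };
    size_t count = vulnerable_readline_count(&s);
    free(data);
    return count;
}

/* safe_readline into a MAXLENGTH buffer: result for the first line. */
int demo_safe_first(size_t n) {
    size_t len;
    unsigned char *data = build_stream(n, &len);
    struct fake_socket s = { data, len, 0 };
    char line[MAXLENGTH];
    int first = safe_readline(&s, line, sizeof line);
    free(data);
    return first;
}

/* safe_readline into a MAXLENGTH buffer: result for the second line ("GET\n"). */
int demo_safe_second(size_t n) {
    size_t len;
    unsigned char *data = build_stream(n, &len);
    struct fake_socket s = { data, len, 0 };
    char line[MAXLENGTH];
    safe_readline(&s, line, sizeof line);     /* first line, possibly rejected */
    int second = safe_readline(&s, line, sizeof line);
    free(data);
    return second;
}

int main(void) {
    size_t count = demo_vulnerable_count(300);
    int first = demo_safe_first(300);
    int second = demo_safe_second(300);
    printf("300-byte line: original loop stores %zu bytes into a %d-byte buffer\n",
           count, MAXLENGTH);
    printf("safe_readline: first line -> %d (rejected), next line -> %d bytes\n",
           first, second);
    return 0;
}
```

A 300-byte line is nowhere near the 4092-byte limit the original check enforces, so the original loop writes all 301 bytes into a 256-byte ReceiveBuffer. The hardened version rejects that line, still reads the following "GET\n" correctly because it drained to the newline, and never writes beyond dstlen - 1 bytes plus the terminator.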
CVE Information:
CAN-2004-0852
Exploit:
[url]http://www.eviloctal.com/forum/read.php?tid=6671[/url]