XFBurn suffers from a stack-based buffer overflow vulnerability that escalate privileges.
ca0d7ba6363a978b3d6fa7d8e7bc4884c33c240783550a711247bccb95c25733################
#Exploit Title: Linux XFBurn Stack-based Buffer Overflow
#Type: CWE-121
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: http://goodies.xfce.org/projects/applications/xfburn
#Version : 0.5.4
#Tested on: Ubuntu 17.04
#Date: 24-03-2017
#Category: Application
#Author Mail : hosein.askari@aol.com
#Description: This application isn't checking the return value of fopen() before using it. fopen() is failing here, returning NULL, and then NULL is passed as the stream to fprintf() resulting #Segmentation Fault.
#################
The kernel output | dmesg :
[ 2963.870884] xfburn[3739]: segfault at 0 ip 00007f1c9255f6f8 sp 00007ffd53ac2e70 error 4 in libc-2.23.so[7f1c924f1000+1bf000]
#################
The GDB output:
Thread 1 "xfburn" received signal SIGSEGV, Segmentation fault.
__GI__IO_fwrite (buf=0x555555584510, size=1, count=40, fp=0x0) at iofwrite.c:37
#################
Best Regards
Hosein Askari
Contact : hosein.askari@aol.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed