Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...

tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...

From: A. Alejandro Hernández <nitrous_at_conthackto.com.mx>
Date: Tue, 23 May 2006 23:30:40 -0600

Affected product: tiffsplit (libtiff <= 3.8.2)

tiffsplit from libtiff (http://www.remotesensing.org/libtiff/)
is vulnerable to a bss-based and stack-based overflow, but, I just
wrote the concept c0de for stack-based b0f 'cause I don't know how
to take advantage of the overwritten bss data (after the overflow,
that data is overwritten again correctly by a program' function).

.bss section is in higher addresses than .dtors section, so, we
can't hijack .dtors to....

Whatever...

Bug discovered @ 10/05/06, lazyness... lazyness... PoC @ 13/05/06
...Violence against my laptop.... Published @ 23/05/06...

Tested & Worked on Musix Linux, Fedora Core 3 and Ubuntu Linux...
NOTE: my p0c is so lame (not reliable)...

PoC: http://www.genexx.org/nitrous/code/PoCs/tiffspl33t/tiffspl33t.tar.gz

nitr0us <nitrousenador[at]gmail[dot]com>
Received on May 25 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos